Lucene search

Yiiframework Security Vulnerabilities

cve

CVE-2018-6009

In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of...

8.8CVSS

7.4AI Score

0.001EPSS

2018-01-22 10:29 PM

cve

CVE-2018-6010

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and...

7.5CVSS

6.3AI Score

0.002EPSS

2018-01-22 10:29 PM

cve

CVE-2015-3397

Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or...

5.7AI Score

0.002EPSS

2015-05-14 12:59 AM

cve

CVE-2014-4672

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value...

7.5AI Score

0.006EPSS

2014-07-03 05:55 PM