2 matches found
CVE-2015-3397
Cross-site scripting XSS vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7...
CVE-2015-3397
The CVE-2015-3397 issue affects the Yii Framework prior to 2.0.4, where an XSS flaw could be exploited by remote attackers via JSON/arrays, particularly affecting Internet Explorer 6/7. The vulnerability arises in how JSON data is handled when rendered, allowing injection of arbitrary web script ...