7 matches found

Vulnrichment
added 2026/05/26 4:38 p.m. · 8 views

CVE-2026-45728 Algernon: Single-file mode unconditionally enables debug mode

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

CVSS 7.5 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 1

Github Security Blog
added 2025/04/11 2:5 p.m. · 12 views

Yii does not prevent XSS in scenarios where fallback error renderer is used

Impact: Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches: Upgrade yiisoft/yii to version 1.1.31 or higher. References: Git commit. If you have any questions or comments about this advisory, contact us through...

CVSS 6.1 · AI score 6.1 · EPSS 0.00338
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/04/11 2:5 p.m. · 5 views

GHSA-7R2V-8WXR-3CH5 Yii does not prevent XSS in scenarios where fallback error renderer is used

Impact: Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches: Upgrade yiisoft/yii to version 1.1.31 or higher. References: Git commit. If you have any questions or comments about this advisory, contact us through...

CVSS 6.1 · AI score 6.1 · EPSS 0.00338
Exploits 0 · References 4

Snyk
added 2025/04/10 3:43 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the fallback error renderer. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the input that is reflected in error messages. Note: This is only exploitable ...

CVSS 6.1 · AI score 5.3 · EPSS 0.00338
Exploits 0 · References 2

Vulnrichment
added 2025/04/10 2:32 p.m. · 9 views

CVE-2025-32027 Yii does not prevent XSS in scenarios where fallback error renderer is used

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

CVSS 6.1 · AI score 6.1 · EPSS 0.00338
Exploits 0 · References 2

Cvelist
added 2025/04/10 2:32 p.m. · 13 views

CVE-2025-32027 Yii does not prevent XSS in scenarios where fallback error renderer is used

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

CVSS 6.1 · EPSS 0.00338
Exploits 0 · References 2

Positive Technologies
added 2025/04/10 12:0 a.m. · 3 views

PT-2025-15994 · Yii · Yiisoft/Yii

Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.31 Description: The issue concerns a Reflected XSS vulnerability in specific scenarios where the fallback error renderer is used. Recommendations: For versions prior to 1.1.31, upgrade yiisoft/yii to version...

CVSS 6.4 · AI score 5.5 · EPSS 0.00338
Exploits 0 · References 12