Lucene search
K

11 matches found

Veracode
Veracode
added 2025/04/21 3:56 a.m.9 views

Cross-Site Scripting

yiisoft/yii is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...

6.1CVSS6.6AI score0.00215EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/11 2:5 p.m.17 views

Yii does not prevent XSS in scenarios where fallback error renderer is used

Impact Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches Upgrade yiisoft/yii to version 1.1.31 or higher. References - Git commit If you have any questions or comments about this advisory, contact us through...

6.1CVSS6.1AI score0.00215EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/04/10 3:16 p.m.42 views

CVE-2025-32027

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...

6.1CVSS0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/10 12:0 a.m.5 views

PT-2025-15994 · Yii · Yiisoft/Yii

Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.31 Description: The issue concerns a Reflected XSS vulnerability in specific scenarios where the fallback error renderer is used. Recommendations: For versions prior to 1.1.31, upgrade yiisoft/yii to version...

6.4CVSS5.5AI score0.00215EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/02/05 11:32 p.m.8 views

CVE-2022-41922

yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...

9.8CVSS7.5AI score0.01133EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/11/14 10:19 p.m.33 views

yiisoft/yii deserializing untrusted user input can lead to remote code execution

Impact Affected versions of yiisoft/yii are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. Patches Upgrade yiisoft/yii to version 1.1.29 or higher. For more information See the following links for more details: - Git commit -...

9.8CVSS7.7AI score0.03147EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/11/14 8:30 p.m.36 views

CVE-2023-47130 Unsafe deserialization of user data in yiisoft/yii

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

8.1CVSS10AI score0.03147EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.32 views

CVE-2022-41922 yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input

yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...

8.1CVSS10AI score0.01133EPSS
Exploits0References2
CVE
CVE
added 2022/11/23 12:0 a.m.115 views

CVE-2022-41922

The CVE-2022-41922 entry affects the PHP framework yiisoft/yii. Prior to version 1.1.27, applications that call unserialize() on arbitrary user input are vulnerable to Remote Code Execution. The issue has been patched in 1.1.27. The vulnerability carries a high/critical impact potential per multi...

9.8CVSS9.2AI score0.01133EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/11/23 12:0 a.m.28 views

CVE-2022-41922 yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input

yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...

8.1CVSS9.4AI score0.01133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/21 12:0 a.m.6 views

PT-2022-26152 · Yii · Yiisoft/Yii

Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.27 Description: The issue allows for Remote Code Execution RCE if the application calls unserialize on arbitrary user input. Recommendations: For versions prior to 1.1.27, upgrade yiisoft/yii to version 1.1.2...

9.8CVSS9.8AI score0.01133EPSS
Exploits0References9
Rows per page
Query Builder