11 matches found
Cross-Site Scripting
yiisoft/yii is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...
Yii does not prevent XSS in scenarios where fallback error renderer is used
Impact Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches Upgrade yiisoft/yii to version 1.1.31 or higher. References - Git commit If you have any questions or comments about this advisory, contact us through...
CVE-2025-32027
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher...
PT-2025-15994 · Yii · Yiisoft/Yii
Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.31 Description: The issue concerns a Reflected XSS vulnerability in specific scenarios where the fallback error renderer is used. Recommendations: For versions prior to 1.1.31, upgrade yiisoft/yii to version...
CVE-2022-41922
yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Impact Affected versions of yiisoft/yii are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. Patches Upgrade yiisoft/yii to version 1.1.29 or higher. For more information See the following links for more details: - Git commit -...
CVE-2023-47130 Unsafe deserialization of user data in yiisoft/yii
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...
CVE-2022-41922 yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input
yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...
CVE-2022-41922
The CVE-2022-41922 entry affects the PHP framework yiisoft/yii. Prior to version 1.1.27, applications that call unserialize() on arbitrary user input are vulnerable to Remote Code Execution. The issue has been patched in 1.1.27. The vulnerability carries a high/critical impact potential per multi...
CVE-2022-41922 yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input
yiisoft/yii before version 1.1.27 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. This has been patched in 1.1.27...
PT-2022-26152 · Yii · Yiisoft/Yii
Name of the Vulnerable Software and Affected Versions: yiisoft/yii versions prior to 1.1.27 Description: The issue allows for Remote Code Execution RCE if the application calls unserialize on arbitrary user input. Recommendations: For versions prior to 1.1.27, upgrade yiisoft/yii to version 1.1.2...