2 matches found
CVE-2022-34297
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.