yiisoft/yii2-gii is vulnerable to cross-site scripting. The vulnerability exists in the rules
function of Generator.php
due to a lack of proper validation rules for enableI18N
and messageCategory
which allows an attacker to inject and execute malicious JavaScript.