Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00eGg5LTV2aDgtM3A1OM4AAbo9
Yii Framework Reflected XSS
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
Permalink: https://github.com/advisories/GHSA-4xh9-5vh8-3p58
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00eGg5LTV2aDgtM3A1OM4AAbo9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Percentage: 0.00181
EPSS Percentile: 0.55507
Identifiers: GHSA-4xh9-5vh8-3p58, CVE-2017-7271
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-7271
- https://github.com/yiisoft/yii2/pull/13401
- https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
- http://www.yiiframework.com/news/123/yii-2-0-11-is-released/
- https://web.archive.org/web/20210125191138/http://www.securityfocus.com/bid/97167
- https://github.com/advisories/GHSA-4xh9-5vh8-3p58
Blast Radius: 27.6
Affected Packages
packagist:yiisoft/yii2
Dependent packages: 9,497
Dependent repositories: 33,911
Downloads: 24,169,492 total
Affected Version Ranges: < 2.0.11
Fixed in: 2.0.11
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10
All unaffected versions: 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51