Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00eGg5LTV2aDgtM3A1OM4AAbo9

Moderate EPSS: 0.00285% (0.51633 Percentile) EPSS:
Permalink JSON

Yii Framework Reflected XSS

Affected Packages Affected Versions Fixed Versions
packagist:yiisoft/yii2 < 2.0.11 2.0.11
9,497 Dependent packages
33,911 Dependent repositories
26,783,679 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10

All unaffected versions

2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42, 2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

References:

Identifiers

GHSA-4xh9-5vh8-3p58

CVE-2017-7271

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00285

EPSS Percentile: 0.51633

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yiisoft/yii2

Date and time

Published

over 3 years ago

Updated

almost 2 years ago

API

JSON