Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8
CVE-2018-6009
- EPSS 0.17%
- Published 22.01.2018 22:29:00
- Last modified 21.11.2024 04:09:52
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
7.5
CVE-2018-6010
- EPSS 1.01%
- Published 22.01.2018 22:29:00
- Last modified 21.11.2024 04:09:52
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, a...
4.3
CVE-2015-3397
- EPSS 0.33%
- Published 14.05.2015 00:59:04
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
7.5
CVE-2014-4672
- EPSS 0.57%
- Published 03.07.2014 17:55:06
- Last modified 12.04.2025 10:46:40
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
1