Vulnerabilities > Yiiframework

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-01-22 | CVE-2018-6010 | Cross-site Scripting vulnerability in Yiiframework | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. | network | low complexity | yiiframework | CWE-79 | 7.5 |
| 2018-01-22 | CVE-2018-6009 | Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | network | low complexity | yiiframework | CWE-352 | 8.8 |
| 2017-07-21 | CVE-2017-11516 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.12 | An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | network | low complexity | yiiframework | CWE-79 | 6.1 |