Vulnerabilities > Yiiframework > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-28 | CVE-2022-31454 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.45 Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. | 6.1 |
| 2022-12-09 | CVE-2022-34297 | Cross-site Scripting vulnerability in Yiiframework GII Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | 5.4 |
| 2021-08-10 | CVE-2021-3692 | Use of Insufficiently Random Values vulnerability in Yiiframework YII yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.0 |
| 2021-08-10 | CVE-2021-3689 | Use of Insufficiently Random Values vulnerability in Yiiframework YII yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.0 |
| 2019-01-28 | CVE-2018-20745 | Origin Validation Error vulnerability in Yiiframework YII Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 4.3 |
| 2018-03-21 | CVE-2018-8074 | Code Injection vulnerability in Yiiframework YII Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. | 6.8 |
| 2018-01-22 | CVE-2018-6010 | Cross-site Scripting vulnerability in Yiiframework In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. | 5.0 |
| 2018-01-22 | CVE-2018-6009 | Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 6.8 |
| 2017-07-21 | CVE-2017-11516 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.12 An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 4.3 |
| 2015-05-14 | CVE-2015-3397 | Cross-site Scripting vulnerability in Yiiframework Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. | 4.3 |