Vulnerabilities > Yiiframework > Yiiframework > 1.1.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-14 | CVE-2015-3397 | Cross-site Scripting vulnerability in Yiiframework Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. | 4.3 |
| 2014-07-03 | CVE-2014-4672 | Code Injection vulnerability in Yiiframework 1.1.14 The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. | 7.5 |