Vulnerabilities > Yiiframework > Yiiframework > 2.0.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-22 | CVE-2018-6010 | Cross-site Scripting vulnerability in Yiiframework In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. | 7.5 |
| 2018-01-22 | CVE-2018-6009 | Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 8.8 |