Description
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74663
Patch, Vendor Advisory x_refsource_confirm
http://www.yiiframework.com/news/86/yii-2-0-4-is-released/
Patch x_refsource_confirm
https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
Scores
EPSS
0.0152
EPSS Percentile
71.6%
Details
CWE
CWE-79
Status
published
Products (2)
yiiframework/yiiframework
< 2.0.3
yiisoft/yii2
0 - 2.0.4Packagist
Published
May 14, 2015
Tracked Since
Feb 18, 2026