CVE-2022-34297
MEDIUMYii Yii2 Gii < 2.2.4 - Stored Cross-Site Scripting via Input Field Injection
Title source: llmDescription
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
References (3)
Core 3
Core References
Various Sources
https://github.com/yiisoft/yii2-gii
Exploit, Third Party Advisory
https://gist.github.com/be4r/b5c48d97ef6726d3ee37f995ee5aac81
Various Sources
https://www.yiiframework.com/doc/guide/2.0/en/start-gii
Scores
CVSS v3
5.4
EPSS
0.0061
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
yiiframework/gii
< 2.2.4
yiisoft/yii2-gii
0Packagist
Published
Dec 09, 2022
Tracked Since
Feb 18, 2026