CVE-2017-11516CVE-2017-11516

Affected configuration(s):

cpe:/a:yiiframework:yii:2.0.12

Date published: 2017-07-21T15:29:00.520-04:00

Date last modified: 2017-07-25T13:14:50.973-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: https://github.com/yiisoft/yii2/pull/14492

Summary: An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.