CVE-2017-7271

Published March 27th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

yiisoft/yii2

Yii 2: The Fast, Secure and Professional PHP Framework

GitHub

14.3K