CVE-2017-7271

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-7271
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7271.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-7271
Aliases
Published
2017-03-27T17:59:00.947Z
Modified
2026-04-10T04:00:51.153392Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

References

Affected packages

Git / github.com/yiisoft/yii2

Affected ranges

Type
GIT
Repo
https://github.com/yiisoft/yii2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
11fe407ad0af51765fbd35e008d0986f7f3bb840
Fixed
97171a0db7cda0a49931ee0c3b998ef50bd06756
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.10"
        }
    ]
}

Affected versions

2.*
2.0.0-alpha
2.0.0-beta
2.0.0-rc
2.0.10
2.0.2
2.0.3
2.0.4
2.0.6
2.0.7
2.0.8
2.0.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7271.json"