CVE-2017-7271

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7271

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7271.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7271

Aliases

GHSA-4xh9-5vh8-3p58

Published

2017-03-27T17:59:00Z

Modified

2024-05-23T01:14:32.599481Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

References

Affected packages

Git / github.com/yiisoft/yii2

Affected ranges

Type: GIT
Repo: https://github.com/yiisoft/yii2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

97171a0db7cda0a49931ee0c3b998ef50bd06756

Affected versions

2.*

2.0.0

2.0.0-alpha

2.0.0-beta

2.0.0-rc

2.0.1

2.0.10

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9