GHSA-w2xx-jp9f-gp8g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w2xx-jp9f-gp8g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w2xx-jp9f-gp8g/GHSA-w2xx-jp9f-gp8g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w2xx-jp9f-gp8g
- Aliases
-
- CVE-2015-3397
- Published
- 2022-05-17T03:30:00Z
- Modified
- 2024-11-30T05:44:00.081747Z
- Summary
- Yii Framework Cross-site Scripting Vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
- Database specific
{ "nvd_published_at": "2015-05-14T00:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-03T21:58:50Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-3397
- https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml
- https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
- https://web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663
- https://www.yiiframework.com/news/86/yii-2-0-4-is-released
- http://www.securityfocus.com/bid/74663
- http://www.yiiframework.com/news/86/yii-2-0-4-is-released
Affected packages
Packagist / yiisoft/yii2
Package
- Name
- yiisoft/yii2
- Purl
- pkg:composer/yiisoft/yii2