CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-7271

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://www.securityfocus.com/bid/97167
http://www.yiiframework.com/news/123/yii-2-0-11-is-released/
https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
https://github.com/yiisoft/yii2/pull/13401
http://www.securityfocus.com/bid/97167
http://www.yiiframework.com/news/123/yii-2-0-11-is-released/
https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
https://github.com/yiisoft/yii2/pull/13401

Products affected by CVE-2017-7271

Yii Software » Yii » Version: 2.0.10

cpe:2.3:a:yii_software:yii:2.0.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-7271

Products

Pricing

Contact Us