Yiiframework: >> Yii >> 2.0.12 Security Vulnerabilities
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
CVSS Score
8.1
EPSS Score
0.009
Published
2018-03-21
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-21
Page 2