Yiiframework: >> Yiiframework >> 1.1.14 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
CVSS Score
4.3
EPSS Score
0.004
Published
2015-05-14
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
CVSS Score
7.5
EPSS Score
0.006
Published
2014-07-03