CVE-2017-11516

MEDIUM6.1EPSS 0.22%

Yii Cross-site Scripting Framework vulnerability

發布日:2022/5/17修改日:2024/4/24

描述

An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.

受影響套件(2)

Packagist/yiisoft/yii2>= 2.0.12, < 2.0.13
Packagist/yiisoft/yii2-dev>= 2.0.12, < 2.0.13

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-11516
PATCHhttps://github.com/yiisoft/yii2-framework
WEBhttps://github.com/yiisoft/yii2/pull/14492
WEBhttps://github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95