CVE-2017-7271
MEDIUM6.1EPSS 0.29%Yii Framework Reflected XSS
發布日:2022/5/17修改日:2024/2/16
描述
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
受影響套件(1)
- Packagist/yiisoft/yii2from 0, < 2.0.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-7271
- PATCHhttps://github.com/yiisoft/yii2
- WEBhttps://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756
- WEBhttps://github.com/yiisoft/yii2/pull/13401
- WEBhttps://web.archive.org/web/20210125191138/http://www.securityfocus.com/bid/97167
- WEBhttp://www.yiiframework.com/news/123/yii-2-0-11-is-released