Lucene search

[email protected]CVE-2017-7271

HistoryMar 27, 2017 - 5:59 p.m.

CVE-2017-7271

2017-03-2717:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2017

7271

xss

vulnerability

yii framework

remote attackers

web script

html

debug-mode exception screen

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.2%

JSON

Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.

Affected configurations

NVD

Node

yii_softwareyiiRange≤2.0.10

CPENameOperatorVersion
yii_software:yiiyii software yiile2.0.10

CPE	Name	Operator	Version
yii_software:yii	yii software yii	le	2.0.10

References

www.securityfocus.com/bid/97167

www.yiiframework.com/news/123/yii-2-0-11-is-released/

github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756

github.com/yiisoft/yii2/pull/13401

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVE-2017-7271

osv2 github1 prion1 cvelist1 nvd2 cve1