Lucene search

GitHub Advisory DatabaseGHSA-W2XX-JP9F-GP8G

HistoryMay 17, 2022 - 3:30 a.m.

Yii Framework Cross-site Scripting Vulnerability

2022-05-1703:30:00

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

json

arrays

internet explorer

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%

JSON

Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.

Affected configurations

Vulners

Node

yiisoftyii2Range<2.0.4

VendorProductVersionCPE
yiisoftyii2*cpe:2.3:a:yiisoft:yii2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yiisoft	yii2	*	cpe:2.3:a:yiisoft:yii2::::::::

References

www.securityfocus.com/bid/74663

www.yiiframework.com/news/86/yii-2-0-4-is-released/

github.com/advisories/GHSA-w2xx-jp9f-gp8g

github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yaml

github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md

nvd.nist.gov/vuln/detail/CVE-2015-3397

web.archive.org/web/20210122155403/www.securityfocus.com/bid/74663

www.yiiframework.com/news/86/yii-2-0-4-is-released/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%

JSON

Related for GHSA-W2XX-JP9F-GP8G