Filtered by vendor Yiiframework
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-6009 | 1 Yiiframework | 1 Yiiframework | 2024-11-21 | N/A |
| In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | ||||
| CVE-2018-20745 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A |
| Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | ||||
| CVE-2017-11516 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A |
| An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | ||||
| CVE-2015-5467 | 1 Yiiframework | 1 Yii | 2024-11-21 | 9.8 Critical |
| web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | ||||