Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:yiiframework:yiiframework:2.0.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-6010 | In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php. Published: January 22, 2018; 5:29:00 PM -0500 | V3.0: 7.5 HIGH; V2.0: 5.0 MEDIUM |
CVE-2018-6009 | In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. Published: January 22, 2018; 5:29:00 PM -0500 | V3.0: 8.8 HIGH; V2.0: 6.8 MEDIUM |