XSS Vulnerability in Yii Framework Affects Debug Mode Functionality
CVE-2017-11516

6.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 21 July 2017

What is CVE-2017-11516?

A cross-site scripting (XSS) vulnerability in the Yii Framework's error handling system can lead to exposure of sensitive information when debug mode is enabled. The flaw is caused by improper handling of the $exception->errorInfo variable within the exception screen. Attackers could exploit it to inject malicious scripts into that screen, potentially compromising the security of the application. Developers using Yii Framework 2.0.12 should patch the issue immediately.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
