Stored XSS Vulnerability in Yii Yii2 Gii by Yii Software LLC
CVE-2022-34297

5.4MEDIUM

Key Information:

Vendor: Yiiframework
Status: Gii
Vendor: CVE Published:; 9 December 2022

What is CVE-2022-34297?

The Yii Yii2 Gii framework, through version 2.2.4, is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows attackers to inject malicious payloads into any input field, potentially compromising user data and enabling unauthorized actions by exploiting the application's trust in user input. Proper sanitization and validation measures are critically recommended to mitigate this risk.

References

https://gist.github.com/be4r/b5c48d97ef6726d3ee37f995ee5a...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 9, 2022
Vulnerability Reserved
Jun 22, 2022

Yiiframework

What is CVE-2022-34297?

References

CVSS V3.1

Timeline