CVE-2015-3397
https://notcve.org/view.php?id=CVE-2015-3397
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
• http://www.securityfocus.com/bid/74663
• http://www.yiiframework.com/news/86/yii-2-0-4-is-released
• https://github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-4672
https://notcve.org/view.php?id=CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
• http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix
• CWE-94: Improper Control of Generation of Code ('Code Injection')