CVE-2017-7271
Yii Framework Reflected XSS
CVSS 3.1 score: 6.1 (MEDIUM)
EPSS: 0.29%
Description
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen.
How to fix CVE-2017-7271
To remediate CVE-2017-7271, upgrade the affected package to a fixed version below.
- Upgrade to 2.0.11 or later
Is CVE-2017-7271 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.0.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |