CRITICAL 9.0 CVE-2024-58136 ⚠ KEV yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key
from 0, < 2.0.52
CRITICAL 9.8 CVE-2015-5467 Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
>= 2.0.0, < 2.0.5
HIGH 8.9 Unsafe deserialization in Yii 2
from 0, < 2.0.38
HIGH 8.8 Yii Framework Cross-Site Request Forgery (CSRF)
>= 2.0, < 2.0.14
HIGH 8.1 Unsafe Reflection in base Component class in yiisoft/yii2
from 0, < 2.0.49.4
HIGH 7.5 Yii Framework reflected Cross-site Scripting
>= 2.0.0, < 2.0.14
HIGH 7.4 Yii 2: Local file inclusion via view parameter name collision
from 0, < 2.0.55
MEDIUM 6.1 Yii Framework Reflected XSS
from 0, < 2.0.11
MEDIUM 6.1 Yii Cross-site Scripting Framework vulnerability
>= 2.0.12, < 2.0.13
MEDIUM 5.9 Yii Incorrectly Implements CORS
from 0, < 2.0.16
MEDIUM 4.2 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
>= 2.0.43, < 2.0.49.4
— Yii Framework Cross-site Scripting Vulnerability
from 0, < 2.0.4