CVE-2025-32027

Medium CVSS: 6.1

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.

Vendor

Yiiframework

Product

Yii

CWE

CWE-79

Yayın Tarihi

2025-04-10 15:16:05

Güncelleme

2025-09-17 18:30:17

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Yii MEDIUM Yiiframework 2025

Referanslar

https://github.com/yiisoft/yii/commit/d386d737861c9014269b7ed8c36c65eadb387368 https://github.com/yiisoft/yii/security/advisories/GHSA-7r2v-8wxr-3ch5

Benzer Kayıtlar

Medium

CVE-2025-48493

The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, t…

Critical

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regres…

Medium

CVE-2025-2690

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Gen…

Medium

CVE-2025-2689

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue i…

Critical

CVE-2024-4990

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does…