Information Disclosure and Reflected XSS Vulnerability in Yii Framework 2.x

Information Disclosure and Reflected XSS Vulnerability in Yii Framework 2.x

CVE-2018-6010 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.

Learn more about our Web Application Penetration Testing UK.