Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Yii Framework 2.0.9 - Cross Site Scripting
# Exploit Title: Yii Framework 2.0.9 - Cross Site Scripting 
# Discovery Date: 2019-02-12 
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage:
# Version: 2.0.9 
# CVE : 2018-6010

In Yii Framework 2.x before 2.0.14, an reflected XSS vulnerability can be exploited from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.


Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.