VIR Vulnerability Intelligence Relay

CVE-2017-11516

medium
Published 2017-07-21 · Modified 2024-04-24
CVSS v3
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2
4.3
VIR risk
6.1

Description

Yii Cross-site Scripting Framework vulnerability

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/yiisoft/yii2/pull/14492

Package impact
EcosystemPackageVulnerableFixed
php Packagistyiisoft/yii2-dev>=2.0.12,<2.0.132.0.13
php Packagistyiisoft/yii2>=2.0.12,<2.0.132.0.13

Application impact
VendorProductVersionsFixed
yiiframeworkyii2.0.12

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.