CVE-2018-6010

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Cross-site Scripting
Severity
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
yiiframeworkyiiframework
2.0.0
yiiframeworkyiiframework
2.0.0
yiiframeworkyiiframework
2.0.0
yiiframeworkyiiframework
2.0.0
yiiframeworkyiiframework
2.0.1
yiiframeworkyiiframework
2.0.2
yiiframeworkyiiframework
2.0.3
yiiframeworkyiiframework
2.0.4
yiiframeworkyiiframework
2.0.5
yiiframeworkyiiframework
2.0.6
yiiframeworkyiiframework
2.0.7
yiiframeworkyiiframework
2.0.8
yiiframeworkyiiframework
2.0.9
yiiframeworkyiiframework
2.0.10
yiiframeworkyiiframework
2.0.11
yiiframeworkyiiframework
2.0.11.1
yiiframeworkyiiframework
2.0.11.2
yiiframeworkyiiframework
2.0.12
yiiframeworkyiiframework
2.0.13
yiiframeworkyiiframework
2.0.13.1
𝑥
= Vulnerable software versions