CVE-2018-6010

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
yiiframeworkyiiframework
2.0.0
yiiframeworkyiiframework
2.0.0:alpha
yiiframeworkyiiframework
2.0.0:beta
yiiframeworkyiiframework
2.0.0:rc
yiiframeworkyiiframework
2.0.1
yiiframeworkyiiframework
2.0.2
yiiframeworkyiiframework
2.0.3
yiiframeworkyiiframework
2.0.4
yiiframeworkyiiframework
2.0.5
yiiframeworkyiiframework
2.0.6
yiiframeworkyiiframework
2.0.7
yiiframeworkyiiframework
2.0.8
yiiframeworkyiiframework
2.0.9
yiiframeworkyiiframework
2.0.10
yiiframeworkyiiframework
2.0.11
yiiframeworkyiiframework
2.0.11.1
yiiframeworkyiiframework
2.0.11.2
yiiframeworkyiiframework
2.0.12
yiiframeworkyiiframework
2.0.13
yiiframeworkyiiframework
2.0.13.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
https://github.com/yiisoft/yii2/issues/14711
https://github.com/yiisoft/yii2/pull/15534
https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
https://github.com/yiisoft/yii2/issues/14711
https://github.com/yiisoft/yii2/pull/15534