In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| yiisoft/yii2(Packagist) | 2.0.0 | 2.0.14 | N/A |
CVSS Metrics
