Moderate severityNVD Advisory· Published May 14, 2015· Updated Jun 17, 2026
CVE-2015-3397
CVE-2015-3397
Description
Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yii2Packagist | < 2.0.4 | 2.0.4 |
Affected products
2Patches
Vulnerability mechanics
References
9- www.yiiframework.com/news/86/yii-2-0-4-is-released/nvdPatchVendor Advisory
- github.com/yiisoft/yii2/blob/2.0.4/framework/CHANGELOG.mdnvdPatchWEB
- github.com/advisories/GHSA-w2xx-jp9f-gp8gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3397ghsaADVISORY
- www.securityfocus.com/bid/74663nvdWEB
- www.yiiframework.com/news/86/yii-2-0-4-is-releasedghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-3397.yamlghsaWEB
- web.archive.org/web/20210122155403/http://www.securityfocus.com/bid/74663ghsaWEB
- www.yiiframework.com/news/86/yii-2-0-4-is-releasedghsaWEB
News mentions
0No linked articles in our index yet.