Medium severity6.1NVD Advisory· Published Jul 21, 2017· Updated May 13, 2026

CVE-2017-11516

Description

An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
yiisoft/yii2-devPackagist	>= 2.0.12, < 2.0.13	2.0.13
yiisoft/yii2Packagist	>= 2.0.12, < 2.0.13	2.0.13

Affected products

Yiiframework/Yii
cpe:2.3:a:yiiframework:yii:2.0.12:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/yiisoft/yii2/pull/14492nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/yiisoft/yii2/pull/14492/files/feb4067de8a58f391a66e395192b0d83a8109b95nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/advisories/GHSA-4c64-w8fg-xcq2ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-11516ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000