CVE-2017-7271

Name of the Vulnerable Software and Affected Versions Yii Framework versions prior to 2.0.11

Description A reflected Cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen when development mode is used.

Recommendations For versions prior to 2.0.11, update to version 2.0.11 or later to resolve the issue. As a temporary workaround, consider disabling development mode to minimize the risk of exploitation.