PT-2022-8023 · Unknown · Vova07 Yii2 Fileapi Widget

Vova07 · Published 2022-12-31 · Updated 2024-08-05 · CVE-2017-20158

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

vova07 Yii2 FileAPI Widget versions up to 0.1.8

Description

A vulnerability was found in the vova07 Yii2 FileAPI Widget, which has been declared as problematic. The issue affects the run function of the file actions/UploadAction.php. The manipulation of the file argument leads to cross-site scripting. The attack can be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations

For versions up to 0.1.8, upgrade to version 0.1.9 to address this issue. As a temporary workaround, consider restricting access to the run function of the actions/UploadAction.php file until the upgrade is applied. Additionally, be cautious when handling the file argument to minimize the risk of cross-site scripting attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-20158
GHSA-J82X-FH8H-326G

Affected Products

Vova07 Yii2 Fileapi Widget