CVE-2022-31454

Name of the Vulnerable Software and Affected Versions Yii 2 version 2.0.45

Description A cross-site scripting (XSS) issue was discovered via the endpoint "/books". This allows for potential malicious script execution. The estimated number of affected devices and real-world incidents are not specified.

Recommendations For Yii 2 version 2.0.45, consider disabling access to the "/books" endpoint until a patch is available. As a temporary workaround, restrict the use of this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.