CVE-2015-3397: Cross-site Scripting

May 13, 2015 (updated December 5, 2016)

Cross-site scripting (XSS) vulnerability in Yii Framework allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6

References

www.yiiframework.com/news/86/yii-2-0-4-is-released/

Detect and mitigate CVE-2015-3397 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →