Loading
Generated remediation guidance and an executive summary. No account required.
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Use CWE-79, Yiiframework vendor hub and Yiiframework product page to widen CVE-2018-6010 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2018-6009, CVE-2014-4672 and CVE-2015-3397 for nearby disclosures in the same product family.