CVE-2025-32027 Information

Description

Yii is an open source PHP web framework. Prior to 1.1.31 yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.

Reference

https://github.com/yiisoft/yii/commit/d386d737861c9014269b7ed8c36c65eadb387368 https://github.com/yiisoft/yii/security/advisories/GHSA-7r2v-8wxr-3ch5