Posted by A. W. on Dec 03

[+] Yii framework CmsInput extension [1] improper XSS sanitation
[+] Discovered by: Jos Wetzels
[+] Affects: Yii framework CmsInput extension <= version 1.2

Yii framework’s CmsInput extension versions 1.2 and prior suffer from
an improper XSS sanitation implementation, which has now been resolved
in cooperation with the author [2], introducing XSS vulnerabilities in
web applications developed by third-party framework users [3].
CmsInput…