{"id":"CVE-2022-31454","details":"Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: the vendor disputes this because the referenced write-up (the cve-2022-31454-8e8555c31fd3 page) does not explain how the /books endpoint relates to Yii 2.","modified":"2026-04-10T04:47:53.840217Z","published":"2023-07-28T02:15:10.400Z","references":[{"type":"WEB","url":"https://medium.com/%40rohitgautam26/cve-2022-31454-8e8555c31fd3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yiisoft/yii2","events":[{"introduced":"0"},{"last_affected":"0792736b3512776a70bb96e47050855f55edf063"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.45"}]}}],"versions":["2.0.0-alpha","2.0.0-beta","2.0.0-rc","2.0.10","2.0.11","2.0.11.1","2.0.11.2","2.0.12","2.0.13","2.0.13.1","2.0.14","2.0.14.1","2.0.14.2","2.0.16","2.0.16.1","2.0.17","2.0.18","2.0.19","2.0.2","2.0.20","2.0.21","2.0.22","2.0.23","2.0.24","2.0.25","2.0.26","2.0.27","2.0.28","2.0.29","2.0.3","2.0.30","2.0.31","2.0.32","2.0.33","2.0.34","2.0.35","2.0.36","2.0.37","2.0.38","2.0.39","2.0.39.1","2.0.39.2","2.0.39.3","2.0.4","2.0.40","2.0.41","2.0.41.1","2.0.42","2.0.42.1","2.0.43","2.0.44","2.0.45","2.0.6","2.0.7","2.0.8","2.0.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31454.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}