# Exploit Title: Yii Framework 2.0.9 - Cross Site Scripting
# Discovery Date: 2019-02-12
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage: https://www.yiiframework.com/
# Version: 2.0.9
# CVE : 2018-6010
In Yii Framework 2.x before 2.0.14, an reflected XSS vulnerability can be exploited from exception messages printed by the error handler in non-debug mode, related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.