[MEDIUM] Yii does not prevent XSS in scenarios where fallback error renderer is used

PKSA-5knt-m24q-vw91 CVE-2025-32027 GHSA-7r2v-8wxr-3ch5

Affected version: <1.1.31

Reported by:
GitHub

[HIGH] yiisoft/yii deserializing untrusted user input can lead to remote code execution

PKSA-zxnx-782b-tfrm CVE-2023-47130 GHSA-mw2w-2hj2-fg8q

Affected version: <1.1.29

Reported by:
GitHub