How to fix XSS vulnerability yii on 404 page

i have problem XSS vulnerability my website on page 404
Open the url PASTE IT HEAR " (wITHOUT QOUTES) open this url and input the following payload "><svg/onload=alert(“XSS”)> You will see an XSS popup
how to fix it !
thank you

What version of Yii do you have? Tried updating to latest?

1 Like

i’m using yii2

Which version exactly?

Hi Vanchienbmt,

Are you using proper encoding when you get data from users?

for example


If you’re using proper echo and encoding standard then most cases you won’t get XSS attacks…

Happy Coding…

Also with the above, you could strip_tags.