[MEDIUM] Yii2 FileAPI Widget vulnerable to Cross-site Scripting

PKSA-wrj7-kywb-ww6w CVE-2017-20158 GHSA-j82x-fh8h-326g

Affected version: <0.1.9

Reported by:
GitHub