Описание
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
Ссылки
- ProductRelease Notes
- Patch
- Issue Tracking
- ProductRelease Notes
- ProductRelease Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.2.10 (включая) до 5.2.12 (исключая)
Одно из
cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*
cpe:2.3:a:cakephp:cakephp:5.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
ubuntu
3 месяца назад
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.
CVSS3: 5.4
debian
3 месяца назад
CakePHP is a rapid development framework for PHP. The PaginatorHelper: ...
CVSS3: 5.4
github
3 месяца назад
CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting
EPSS
Процентиль: 5%
0.00021
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79