Cakephp

1 CVEs product

Monthly

CVE-2026-23643 MEDIUM PATCH This Month

CakePHP versions prior to 5.2.12 and 5.3.1 contain a stored cross-site scripting vulnerability in the PaginatorHelper::limitControl() method that allows unauthenticated attackers to inject malicious scripts through query string parameters. An attacker can exploit this to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. The vulnerability requires user interaction to trigger but affects all installations using the vulnerable PaginatorHelper component.

Redhat Cakephp
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%
