CNNVD-202601-2735 Information
CNNVD ID
CNNVD-202601-2735
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
CakePHP是美国CAKE基金会的一款基于MVC架构的、开源的Web开发框架。该框架具有灵活的视图缓存、自动生成CRUD代码等功能。 CakePHP 5.2.12之前版本和5.3.1之前版本存在跨站脚本漏洞,该漏洞源于PaginatorHelper::limitControl方法存在跨站脚本漏洞。
Description (English)
CakePHP is an open-source Web development framework based on the MVC architecture of the United States of America’s CAKE Foundation. The framework has flexible view caches, automatic generation of CRUD codes, etc. CakePHP 5.2.12 and 5.3.1 had a cross-site script loophole, which originated from the PaginatorHelper:limitControl method.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
CAKE
Published
2026-01-16
Last Modified
2026-02-24
References
https://bakery.cakephp.org/2026/01/14/cakephp_5212.html https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f https://github.com/cakephp/cakephp/issues/19172 https://github.com/cakephp/cakephp/releases/tag/5.2.12 https://github.com/cakephp/cakephp/releases/tag/5.3.1 https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5 https://access.redhat.com/security/cve/cve-2026-23643