Cross-site Scripting (XSS)

Overview cakephp/cakephp is a rapid development framework for PHP which uses commonly known design patterns like Associative Data Mapping, Front Controller, and MVC. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PaginatorHelper::limitControl function. An...

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVE-2026-23643

The CVE-2026-23643 entry concerns CakePHP and a cross-site-scripting vulnerability in PaginatorHelper::limitControl() triggered by query string manipulation. Affected versions are fixed in 5.2.12 and 5.3.1; upgrade to at least those releases to mitigate. The vulnerability description is corrobora...

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CakePHP cross-site scripting vulnerabilities

CakePHP is an open-source web development framework based on the MVC architecture, created by the CAKE Foundation in the United States. This framework features flexible view caching, automatic generation of CRUD code, and other functionalities. Versions of CakePHP prior to 5.2.12 and 5.3.1...

CakePHP 5.2.12 Released

CakePHP 5.2.12 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.2.12. This is a security fix release for the 5.2 branch that fixes a security issue with PaginatorHelper. This release is recommended for all applications using PaginatorHelper::limitControl...

DSA-1992-1 chrony - denial of service

Bulletin has no description...