CVE-2020-15400
CakePHP before 4.0.6 mishandles CSRF token generation, potentially allowing remote exploitation in conjunction with XSS. The affected software is CakePHP prior to 4.0.6; the issue is tied to CSRF token handling, not general input validation. The remediation mentioned in the public release is to upgrade to Ca...