Description
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Remediation
References