Vulnerability Details CVE-2006-4067
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://cakeforge.org/frs/shownotes.php?release_id=124
- http://secunia.com/advisories/21383
- http://www.securityfocus.com/bid/19372
- http://www.vupen.com/english/advisories/2006/3172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28256
- http://cakeforge.org/frs/shownotes.php?release_id=124
- http://secunia.com/advisories/21383
- http://www.securityfocus.com/bid/19372
- http://www.vupen.com/english/advisories/2006/3172
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28256
Products affected by CVE-2006-4067
-
cpe:2.3:a:cakephp:cakephp:1.0.1.2708
-
cpe:2.3:a:cakephp:cakephp:1.1.3.2967
-
cpe:2.3:a:cakephp:cakephp:1.1.4.3104
-
cpe:2.3:a:cakephp:cakephp:1.1.5.3148
-
cpe:2.3:a:cakephp:cakephp:1.1.6.3264