VYPR
Moderate severityNVD Advisory· Published Aug 10, 2006· Updated Jun 16, 2026

CVE-2006-4067

CVE-2006-4067

Description

Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cakephp/cakephpPackagist
>= 1.0.1.2708, < 1.1.7.33631.1.7.3363

Affected products

6
  • Cakephp/Cakephp5 versions
    cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*range: <=1.1.6.3264
    • cpe:2.3:a:cakephp:cakephp:1.0.1.2708:*:*:*:*:*:*:*
    • cpe:2.3:a:cakephp:cakephp:1.1.3.2967:*:*:*:*:*:*:*
    • cpe:2.3:a:cakephp:cakephp:1.1.4.3104:*:*:*:*:*:*:*
    • cpe:2.3:a:cakephp:cakephp:1.1.5.3148:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.0.1.2708, < 1.1.7.3363

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.