CVE-2026-23643

Published January 16th, 2026

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1.

cakephp/cakephp

CakePHP: The Rapid Development Framework for PHP - Official Repository

GitHub

8.8K