Markstory

**Name of the Vulnerable Software and Affected Versions** CakePHP versions prior to 5.2.12 CakePHP versions prior to 5.3.1 **Description** The `PaginatorHelper::limitControl()` method is susceptible to cross-site scripting through manipulation of query string parameters. If unable to upgrade, avoid using `Paginator::limitControl()`. **Recommendations** Upgrade to CakePHP version 5.2.12 or later. Upgrade to CakePHP version 5.3.1 or later.