Name of the Vulnerable Software and Affected Versions CakePHP versions 3.4 prior to 3.4.14 CakePHP versions 3.5 prior to 3.5.17 CakePHP versions 3.6 prior to 3.6.4

Description The issue is a cross-site-scripting (XSS) vulnerability found in the development only missing route and duplicate named route error pages.

Recommendations For CakePHP versions 3.4 prior to 3.4.14, update to version 3.4.14 or later. For CakePHP versions 3.5 prior to 3.5.17, update to version 3.5.17 or later. For CakePHP versions 3.6 prior to 3.6.4, update to version 3.6.4 or later.