CVE-2006-4067: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 1, 2022 (updated January 9, 2023)

Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 (“Not Found”) error page. NOTE: some of these details are obtained from third party information.

References

exchange.xforce.ibmcloud.com/vulnerabilities/28256
github.com/advisories/GHSA-vc29-mvwv-wpcq
nvd.nist.gov/vuln/detail/CVE-2006-4067

Code Behaviors & Features

Detect and mitigate CVE-2006-4067 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →