Headline

GHSA-qh8m-9qxx-53m5: CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting

Impact

The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation.

Patches

This issue has been fixed in 5.2.12 and 5.3.1

Workarounds

If you are unable to upgrade, you should avoid using Paginator::limitControl() until you can upgrade.

8 hours ago

ghsa

Open in Source

#vulnerability #git #intel #php

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2026-23643

CakePHP PaginatorHelper::limitControl() vulnerable to reflected cross-site-scripting

Moderate severity GitHub Reviewed Published Jan 16, 2026 in cakephp/cakephp • Updated Jan 16, 2026

Package

composer cakephp/cakephp (Composer)

Affected versions

>= 5.2.10, < 5.2.12

= 5.3.0

Patched versions

5.2.12

5.3.1

Description

Published to the GitHub Advisory Database

Jan 16, 2026

Last updated

Jan 16, 2026

EPSS score

ghsa: Latest News

GHSA-8qq5-rm4j-mr97: node-tar is Vulnerable to Arbitrary File Overwrite and Symlink Poisoning via Insufficient Path Sanitization

8 hours ago

ghsa

GHSA-232v-j27c-5pp6: REC in MCPJam inspector due to HTTP Endpoint exposes

8 hours ago

ghsa

GHSA-53wg-r69p-v3r7: GraphQL Modules has a Race Condition issue

8 hours ago

ghsa

GHSA-38cw-85xc-xr9x: Veramo is Vulnerable to SQL Injection in Veramo Data Store ORM

8 hours ago

ghsa

GHSA-cc8m-98fm-rc9g: Skipper is vulnerable to arbitrary code execution through lua filters

8 hours ago

ghsa