Description CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. Remediation References CVE-2020-15400 Related Vulnerabilities Oracle Database Server CVE-2006-1870 Vulnerability (CVE-2006-1870) Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6939) Dotclear Other Vulnerability (CVE-2014-3782) WordPress Plugin Redux Framework Cross-Site Request Forgery (4.1.20) Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3665) Severity Medium Classification CVE-2020-15400 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities