Description
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2685 Vulnerability (CVE-2019-2685)
WordPress Plugin Post Title Counter Cross-Site Scripting (1.1)
Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)
WordPress Plugin Colorful Categories Cross-Site Request Forgery (2.0.14)
WordPress Plugin eCommerce Product Catalog for WordPress Cross-Site Request Forgery (3.0.17)