Description
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
Remediation
References
Related Vulnerabilities
Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)
WordPress Plugin Customer Service Software & Support Ticket System Cross-Site Scripting (5.5.1)
WordPress Plugin Event Management Tickets Booking By Event Monster Cross-Site Scripting (1.0.7)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-1927)
WordPress Plugin ShiftNav-Responsive Mobile Menu Cross-Site Scripting (1.5.2)