Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/cakephp/cakephp@1.1.6%2B3264

Type composer

Namespace cakephp

Name cakephp

Version 1.1.6+3264

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.1.7+3363

Latest_non_vulnerable_version 5.3.1

Affected_by_vulnerabilities

url VCID-xft3-8rxg-8kf4

vulnerability_id VCID-xft3-8rxg-8kf4

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4067

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.61974
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4067

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/28256
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/28256

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2006-4067
reference_id	CVE-2006-4067
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2006-4067

reference_url	https://github.com/advisories/GHSA-vc29-mvwv-wpcq
reference_id	GHSA-vc29-mvwv-wpcq
reference_type
scores
url	https://github.com/advisories/GHSA-vc29-mvwv-wpcq

fixed_packages

url	pkg:composer/cakephp/cakephp@1.1.7%2B3363
purl	pkg:composer/cakephp/cakephp@1.1.7%2B3363
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@1.1.7%252B3363

aliases CVE-2006-4067, GHSA-vc29-mvwv-wpcq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xft3-8rxg-8kf4

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/cakephp/cakephp@1.1.6%252B3264

Package Instance