EPSS
Percentile
21.6%
CakePHP before 4.0.6 and 3.10.3 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
bakery.cakephp.org/2020/04/18/cakephp_406_released.html
bakery.cakephp.org/2022/05/08/cakephp_3103_released.html
nvd.nist.gov/vuln/detail/CVE-2020-15400