Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Remediation
References
Related Vulnerabilities
WordPress Plugin BSK PDF Manager Multiple SQL Injection Vulnerabilities (1.3.2)
MySQL CVE-2020-14852 Vulnerability (CVE-2020-14852)
WordPress Plugin Stripe For WooCommerce Security Bypass (3.3.9)
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446)
WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.21)