Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Remediation
References