Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Remediation
References