Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Remediation
References