Description

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

Remediation

References

CVE-2011-2191

Related Vulnerabilities

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

Oracle Application Server Other Vulnerability (CVE-2002-0561)

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)

WordPress Other Vulnerability (CVE-2004-1584)

WordPress Plugin Popup Builder-Responsive WordPress Pop up-Subscription & Newsletter Multiple Vulnerabilities (3.71)

Severity

Medium

Classification

CVE-2011-2191 CWE-352

Tags

Missing Update Known Vulnerabilities