Description
Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.
Remediation
References
Related Vulnerabilities
WordPress Plugin E-Search Multiple Cross-Site Scripting Vulnerabilities (1.0)
Artifactory Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-41834)
Ruby on Rails CVE-2022-23633 Vulnerability (CVE-2022-23633)
Oracle Database Server CVE-2008-0349 Vulnerability (CVE-2008-0349)