Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Cherokee Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-20798 - Vulnerability Database
Cherokee

Cherokee Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-20798

High
Reference: CVE-2019-20798
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-20798
Title: Cherokee Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.