Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross-Site Scripting Vulnerability

ID EDB-ID:23605
Type exploitdb
Reporter César Fernández
Modified 2004-01-26T00:00:00


Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross Site Scripting Vulnerability. CVE-2004-2171. Remote exploit for solaris platform


Cherokee has been reported to contain a cross-site scripting vulnerability via error pages.

An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or script code, and enticing a user to follow it. The attacker-supplied code may be rendered in the web browser of a user who follows the malicious link. Exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.<script>alert(document.cookie)</script>