2 matches found
CVE-2019-20798
An XSS issue was discovered in handlerserverinfo.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and...
CVE-2019-20798
CVE-2019-20798 affects Cherokee web server versions 1.2.104 and earlier. The issue is an XSS in the handler_server_info.c module that causes the About page to display the requested URL incorrectly in the default configuration, enabling an attacker in the administrator panel to reconfigure the ser...