CVE-2011-2191

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in
Cherokee before 1.2.99 allows remote attackers to hijack the authentication
of administrators for requests that insert cross-site scripting (XSS)
sequences, as demonstrated by a crafted nickname field to vserver/apply.

Bugs

• <https://bugs.launchpad.net/ubuntu/+source/cherokee/+bug/784632&gt;