CVE-2019-20798
Summary
| CVE | CVE-2019-20798 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-05-18 00:15:00 UTC |
| Updated | 2022-11-21 20:33:00 UTC |
| Description | An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. |
Risk And Classification
Problem Types: CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. Cross-site Scripting)
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cherokee-project | Cherokee | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Audits, Penetration Tests - LogicalTrust - [EN] A-Z: Cherokee | MISC | logicaltrust.net | Exploit, Third Party Advisory |
| Reflected XSS in handler_server_info · Issue #1227 · cherokee/webserver · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| Cherokee: Multiple vulnerabilities (GLSA 202012-09) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |