SecuritySpace - CVE-2019-20798

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2019-20798

Description: An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-20798
https://security.gentoo.org/glsa/202012-09
https://github.com/cherokee/webserver/issues/1227
https://logicaltrust.net/blog/2019/11/cherokee.html

CVE ID:	CVE-2019-20798
Description:	An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2019-20798 https://security.gentoo.org/glsa/202012-09 https://github.com/cherokee/webserver/issues/1227 https://logicaltrust.net/blog/2019/11/cherokee.html