admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 17:50:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-20798.md

21 lines
956 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2019-20798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20798)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands.
### POC
#### Reference
- https://github.com/cherokee/webserver/issues/1227
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://github.com/cherokee/webserver/issues/1227
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
- https://logicaltrust.net/blog/2019/11/cherokee.html
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://logicaltrust.net/blog/2019/11/cherokee.html
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink