Description
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by César Fernández · text · remote · solaris
https://www.exploit-db.com/exploits/23605
References (4)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14936
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9496
Exploit, Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10701/
Patch vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3707
Scores
EPSS
0.0468
EPSS Percentile
89.4%
Details
Status
published
Products (9)
cherokee/cherokee_httpd 0.1
cherokee/cherokee_httpd 0.1.5
cherokee/cherokee_httpd 0.1.6
cherokee/cherokee_httpd 0.2
cherokee/cherokee_httpd 0.2.5
cherokee/cherokee_httpd 0.2.6
cherokee/cherokee_httpd 0.2.7
cherokee/cherokee_httpd 0.4.6
cherokee/cherokee_httpd 0.4.7
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026