https://www.exploit-db.com/exploits/23605
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1080

Cherokee0.4.8存在跨站脚本攻击（XSS）漏洞。远程攻击者可以利用出错消息页面中未正确引用的URL注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/9496/info

Cherokee has been reported to contain a cross-site scripting vulnerability via error pages.

An attacker can exploit this issue by crafting a URI link containing the malevolent HTML or script code, and enticing a user to follow it. The attacker-supplied code may be rendered in the web browser of a user who follows the malicious link. Exploitation of this issue may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/<script>alert(document.cookie)</script>

来源:BID
名称:9496
链接:http://www.securityfocus.com/bid/9496
来源:OSVDB
名称:3707
链接:http://www.osvdb.org/3707
来源:SECUNIA
名称:10701
链接:http://secunia.com/advisories/10701/
来源:XF
名称:cherokee-error-xss(14936)
链接:http://xforce.iss.net/xforce/xfdb/14936