[原文]Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
Cherokee contains a flaw that allows a remote cross site scripting attack. This flaw exists because the server does not validate user-supplied input when non-existant URLs with embedded scripting code are requested. This could allow an attacker to create a specially crafted URL that would not be understood by the web server and result in a 400 Error page, enabling them to execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 0.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.