XSS in Apache Couchdb

CVE-2010-3854

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.025 (85.6th percentile) — read the EPSS interpretation.

Affected products

Apache Couchdb — versions 0.8.0, 0.8.1, 0.9.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

couchdb-adminui-xss(65050) (vdb-entry, x_refsource_XF)
[couchdb-dev] 20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue (mailing-list, x_refsource_MLIST)
70734 (x_refsource_OSVDB, vdb-entry)
ADV-2011-0263 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
46066 (vdb-entry, x_refsource_BID)
20110128 CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue (mailing-list, x_refsource_BUGTRAQ)
43111 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1025013 (vdb-entry, x_refsource_SECTRACK)