XSS in Apache Couchdb

CVE-2012-5650

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-ba…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.009 (76.0th percentile) — read the EPSS interpretation.

Affected products

Apache Couchdb — versions 1.0.0, 1.0.1, 1.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[couchdb-user] 20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI (mailing-list, x_refsource_MLIST)
20130114 CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI (mailing-list, x_refsource_BUGTRAQ)