Cross-Site Scripting Flaw in Apache CouchDB Web Administration Interface
CVE-2010-3854

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 2 February 2011

What is CVE-2010-3854?

Multiple cross-site scripting vulnerabilities exist in the web administration interface (Futon) of Apache CouchDB versions ranging from 0.8.0 to 1.0.1. These flaws allow remote attackers to execute arbitrary web scripts or HTML by exploiting unspecified vectors. By leveraging these vulnerabilities, attackers can manipulate user sessions and potentially access sensitive information, thereby compromising the integrity of affected CouchDB installations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65050

vdb-entryx_refsource_XF

http://mail-archives.apache.org/mod_mbox/couchdb-dev/2011...

mailing-listx_refsource_MLIST

http://osvdb.org/70734

vdb-entryx_refsource_OSVDB

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2011
Vulnerability Reserved
Oct 8, 2010