Cross-Site Scripting Vulnerability in Apache CouchDB's Futon UI
CVE-2012-5650

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 18 March 2014

Summary

A cross-site scripting vulnerability exists in the Futon UI of Apache CouchDB, prior to versions 1.0.4, 1.1.2, and 1.2.1. The flaw enables remote attackers to inject arbitrary web scripts or HTML into the application through unspecified parameters that are not properly sanitized. Successful exploitation could lead to unauthorized access to sensitive information or to execute malicious scripts in the context of an authenticated user's session.

References

http://mail-archives.apache.org/mod_mbox/couchdb-user/201...

mailing-listx_refsource_MLIST

http://archives.neohapsis.com/archives/bugtraq/2013-01/00...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 18, 2014
Vulnerability Reserved
Oct 24, 2012