FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- DOM based Cross-Site Scripting via Futon UI

Affected packages
couchdb < 1.2.1,1

Details

VuXML ID 4fb45a1c-c5d0-11e2-8400-001b216147b0
Discovery 2012-01-14
Entry 2013-05-26

Jan Lehnardt reports:

Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user.

[source]

References

CVE Name CVE-2012-5650
URL http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.