FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

couchdb -- DOM based Cross-Site Scripting via Futon UI

Affected packages
couchdb < 1.2.1,1

Details

VuXML ID 4fb45a1c-c5d0-11e2-8400-001b216147b0
Discovery 2012-01-14
Entry 2013-05-26

Jan Lehnardt reports:

Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user.

References

CVE Name CVE-2012-5650
URL http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F@apache.org%3E