CVE-2012-5650

Apache CouchDB <1.0.4, <1.1.2, <1.2.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.

References (2)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-01/0056.html

[Various Sources] http://mail-archives.apache.org/mod_mbox/couchdb-user/201301.mbox/%3C2FFF2FD7-8EAF-4EBF-AFDA-5AEB6EAC853F%40apache.org%3E

Scores

EPSS 0.0089

EPSS Percentile 75.4%

Details

CWE

CWE-79

Status published

Products (8)

apache/couchdb < 1.0.3

apache/couchdb

n/a/n/a

Published Mar 18, 2014

Tracked Since Feb 18, 2026