Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI
Jan 14 2013 10:05AM
Jan Lehnardt (jan apache org)
DOM based Cross-Site Scripting via Futon UI
Apache CouchDB releases up to and including 1.0.3, 1.1.1, and 1.2.0
Query parameters passed into the browser-based test suite are not sanitised,
and can be used to load external resources. ...
[ more ]
Copyright 2010, SecurityFocus