CVE-2012-4037
Published 2012-08-15
CVE-2012-4037: Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML…
Priority: P4 · 10 · low · 2.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS: 1.45% (70.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Affected
92 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | transmission | < transmission 2.52-3 (bookworm) | transmission 2.52-3 (bookworm) |
| transmissionbt | transmission | <= 2.60 | — |
| transmissionbt | transmission | — | — |
CVSS provenance
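| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| osv | — | 2.6 | LOW | — |
| vendor_debian | — | 2.6 | LOW | — |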
GHSA
ghsa_unreviewed·2022-05-17
CVE-2012-4037 [LOW] CWE-79 GHSA-h482-xp8j-m69c: Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2
OSV
CVE-2012-4037: Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2
osv·2012-08-15·CVSS 2.6
Ubuntu
Transmission vulnerability
vendor_ubuntu·2012-09-26
Title: Transmission vulnerability
Summary: Transmission could be made to expose sensitive information over the
network.
Justin C. Klein Keane discovered that the Transmission web client
incorrectly escaped certain strings. If a user were tricked into opening a
specially crafted torrent file, an attacker could possibly exploit this to
conduct cross-site scripting (XSS) attacks.
Instructions: After a standard system update you need to restart Transmission to make
all the necessary changes.
Debian
CVE-2012-4037: transmission - Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmi...
vendor_debian·2012·CVSS 2.6
Scope: local
bookworm: resolved (fixed in 2.52-3)
bullseye: resolved (fixed in 2.52-3)
forky: resolved (fixed in 2.52-3)
sid: resolved (fixed in 2.52-3)
trixie: resolved (fixed in 2.52-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4037 transmission: XSS flaw [fedora-17]
bugzilla·2012-07-26·CVSS 2.6
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=843580
fedora-17 tra
Bugzilla
CVE-2012-4037 transmission: XSS flaw
bugzilla·2012-07-26·CVSS 2.6
Transmission 2.61 fixes an XSS flaw when processing maliciously crafted .torrent files. It is reported to affect version 2.50 as well (currently in Fedora 17 testing), but does not seem to work with 2.42 as tested in Fedora 16. Recommend upgrading to 2.61 in Fedora 17 and Rawhide.
Discussion:
Created transmission tracking bugs for this issue
Affects: fedora-17 [bug 843581]
---
Forgot to note the report on full-disclosure:
http://seclists.org/fulldisclosure/2012/Jul/348
References
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
http://secunia.com/advisories/50027
http://secunia.com/advisories/50769
http://www.madirish.net/541
http://www.securityfocus.com/bid/54705
http://www.ubuntu.com/usn/USN-1584-1
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61