CVE-2012-5650

CWE-79 — Cross-site Scripting (XSS)6 documents4 sources

Severity

4.3MEDIUM

EPSS

0.9%

top 24.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Couchdb

Timeline

PublishedMar 18

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/couchdb1.0.3+6

🔴Vulnerability Details

GHSA

GHSA-4324-64fx-mx9p: Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1↗2022-05-17

▶

CVEList

CVE-2012-5650: Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1↗2014-03-18

▶

💬Community

Bugzilla

CVE-2012-5649 CVE-2012-5650 couchdb various flaws [fedora-all]↗2013-01-15

▶

Bugzilla

CVE-2012-5649 CVE-2012-5650 couchdb various flaws [epel-all]↗2013-01-15

▶

Bugzilla

CVE-2012-5650 couchdb: DOM based XSS via Futon UI↗2013-01-15

▶