Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-5650

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.

Related bugs and status

CVE-2012-5650 (Candidate) is related to these bugs:

Bug #1212481: [FFE] CouchDB 1.4.0 needed to work with Erlang 16.b.1

Summary				In	Importance	Status
	1212481	[FFE] CouchDB 1.4.0 needed to work with Erlang 16.b.1		couchdb (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20130114 CVE-2012-5650...
MLIST: [couchdb-user] 2013011...