CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
90.6%
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB
before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote
attackers to inject arbitrary web script or HTML via unspecified parameters
to the browser-based test suite.
Author | Note |
---|---|
jdstrand | Workaround is to disable the Futon interface (see full-disclosure information) |