
CouchDB < 1.0.2 Cross Site Scripting Issue

Medium

Synopsis

The remote database server is vulnerable to a cross-site scripting attack.

Description

The remote host is running CouchDB, a document-oriented database.

Versions of CouchDB earlier than 1.0.2 are potentially affected by a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon administrative interface. A remote attacker could exploit this to execute arbitrary script code in the security context of CouchDB's admin interface.

Solution

Upgrade to CouchDB 1.0.2 or later.