FreeBSD : couchdb -- DOM based XSS via Futon UI (4fb45a1c-c5d0-11e2-8400-001b216147b0)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Jan Lehnardt reports :

Query parameters passed into the browser-based test suite are not
sanitised, and can be used to load external resources. An attacker may
execute JavaScript code in the browser, using the context of the
remote user.

See also :

http://www.nessus.org/u?d541abff
http://www.nessus.org/u?677e5c71

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66630

Bugtraq ID:

CVE ID: CVE-2012-5650
