16.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue¶
|Affected:||Apache CouchDB 0.8.0 to 1.0.1|
|Vendor:||The Apache Software Foundation|
All users should upgrade to CouchDB 1.0.2.
Users on earlier versions should consult with upgrade notes.
Due to inadequate validation of request parameters and cookie data in Futon, CouchDB’s web-based administration UI, a malicious site can execute arbitrary code in the context of a user’s browsing session.
This XSS issue was discovered by a source that wishes to stay anonymous.