couchdb -- DOM based Cross-Site Scripting via Futon UI

ID 4FB45A1C-C5D0-11E2-8400-001B216147B0
Type freebsd
Reporter FreeBSD
Modified 2012-01-14T00:00:00


Jan Lehnardt reports:

Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user.