2.3. CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue
Apache CouchDB 0.8.0 to 1.0.1
The Apache Software Foundation
All users should upgrade to CouchDB 1.0.2.
Users on earlier versions should consult the upgrade notes.
Due to inadequate validation of request parameters and cookie data in Futon, CouchDB’s web-based administration UI, a malicious site can execute arbitrary code in the context of a user’s browsing session.
This XSS issue was discovered by a source that wishes to stay anonymous.
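
To find instances that still fall in the affected range stated above (0.8.0 to 1.0.1), the following added example, which is not part of the original advisory, classifies CouchDB welcome banners (the JSON body returned by `GET /`, which carries a `version` field). The host names and banner bodies are constructed samples, and the status labels are this example's own.

```python
import json
import re

AFFECTED_MIN = (0, 8, 0)  # first affected release per the advisory
AFFECTED_MAX = (1, 0, 1)  # last affected release per the advisory


def parse_version(text):
    """Return (major, minor, patch) as integers, ignoring any trailing suffix."""
    if not isinstance(text, str):
        raise ValueError("version is not a string")
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def classify(banner_json):
    """Classify one welcome banner against the advisory's affected range."""
    try:
        version = parse_version(json.loads(banner_json)["version"])
    except (ValueError, KeyError, TypeError):
        return "unknown"  # not JSON, or no usable version field
    # Compare as integer tuples: a string comparison would wrongly place
    # "0.11.2" below "0.8.0" and miss the 0.10.x and 0.11.x releases.
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "outside-range"


def audit(banners):
    """Map each host to its classification."""
    return {host: classify(body) for host, body in banners.items()}


# Constructed sample input: host name -> body returned by GET /
SAMPLE_BANNERS = {
    "couch-a.example": '{"couchdb":"Welcome","version":"0.11.2"}',
    "couch-b.example": '{"couchdb":"Welcome","version":"1.0.1"}',
    "couch-c.example": '{"couchdb":"Welcome","version":"1.0.2"}',
    "couch-d.example": '{"couchdb":"Welcome","version":"0.7.2"}',
    "couch-e.example": "<html>502 Bad Gateway</html>",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check, since a proxy or error page in front of the instance hides the version.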