Vulnerability CVE-2012-4037
Published: 2012-08-15   Modified: 2012-08-16

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Transmissionbt -> Transmission 

 References:
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61
http://www.ubuntu.com/usn/USN-1584-1
http://www.securityfocus.com/bid/54705
http://www.madirish.net/541
http://secunia.com/advisories/50769
http://secunia.com/advisories/50027
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
Copyright 2024, cxsecurity.com

 

Back to Top