CVE-2012-4037

Priority
Medium
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client in
Transmission before 2.61 allow remote attackers to inject arbitrary web
script or HTML via the (1) comment, (2) created by, or (3) name field in a
torrent file.
References
Bugs
Notes
 mdeslaur> can't reproduce in oneiric and earlier
Assigned-to
mdeslaur
Package
Upstream:released (2.52-3,2.61)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.51-0ubuntu1.1)
Patches:
Upstream:https://trac.transmissionbt.com/changeset/13392
Vendor:http://patch-tracker.debian.org/patch/series/view/transmission/2.52-3/fix_xss_web_client.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:53 UTC (commit 9756)