CVE-2012-4037

Priority
Medium
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client in
Transmission before 2.61 allow remote attackers to inject arbitrary web
script or HTML via the (1) comment, (2) created by, or (3) name field in a
torrent file.
References
Bugs
Notes
mdeslaur> can't reproduce in oneiric and earlier
Assigned-to
mdeslaur
Package
Upstream: released (2.52-3, 2.61)
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 11.04 (Natty Narwhal): not-affected
Ubuntu 11.10 (Oneiric Ocelot): not-affected
Ubuntu 12.04 LTS (Precise Pangolin): released (2.51-0ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal): not-affected (2.61-0ubuntu1)
Patches:
Upstream: https://trac.transmissionbt.com/changeset/13392
Vendor: http://patch-tracker.debian.org/patch/series/view/transmission/2.52-3/fix_xss_web_client.patch
More Information


Updated: 2012-09-26 15:14:27 UTC (commit 5820)