Your submission was sent successfully! Close

CVE-2012-4037

Published: 15 August 2012

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.

Notes

AuthorNote
mdeslaur
can't reproduce in oneiric and earlier
Priority

Medium

Status

Package Release Status
transmission
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

precise
Released (2.51-0ubuntu1.1)
upstream
Released (2.52-3,2.61)
Patches:
upstream: https://trac.transmissionbt.com/changeset/13392
vendor: http://patch-tracker.debian.org/patch/series/view/transmission/2.52-3/fix_xss_web_client.patch