CVE-2012-4037

EUVD-2012-3981
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
transmissionbttransmission
𝑥
≤ 2.60
transmissionbttransmission
0.1
transmissionbttransmission
0.2
transmissionbttransmission
0.3
transmissionbttransmission
0.4
transmissionbttransmission
0.5
transmissionbttransmission
0.6
transmissionbttransmission
0.6.1
transmissionbttransmission
0.70
transmissionbttransmission
0.71
transmissionbttransmission
0.72
transmissionbttransmission
0.80
transmissionbttransmission
0.81
transmissionbttransmission
0.82
transmissionbttransmission
0.90
transmissionbttransmission
0.91
transmissionbttransmission
0.92
transmissionbttransmission
0.93
transmissionbttransmission
0.94
transmissionbttransmission
0.95
transmissionbttransmission
0.96
transmissionbttransmission
1.00
transmissionbttransmission
1.01
transmissionbttransmission
1.02
transmissionbttransmission
1.2
transmissionbttransmission
1.03
transmissionbttransmission
1.04
transmissionbttransmission
1.05
transmissionbttransmission
1.06
transmissionbttransmission
1.10
transmissionbttransmission
1.11
transmissionbttransmission
1.20
transmissionbttransmission
1.21
transmissionbttransmission
1.22
transmissionbttransmission
1.30
transmissionbttransmission
1.31
transmissionbttransmission
1.32
transmissionbttransmission
1.33
transmissionbttransmission
1.34
transmissionbttransmission
1.40
transmissionbttransmission
1.41
transmissionbttransmission
1.42
transmissionbttransmission
1.50
transmissionbttransmission
1.51
transmissionbttransmission
1.52
transmissionbttransmission
1.53
transmissionbttransmission
1.54
transmissionbttransmission
1.60
transmissionbttransmission
1.61
transmissionbttransmission
1.70
transmissionbttransmission
1.71
transmissionbttransmission
1.72
transmissionbttransmission
1.73
transmissionbttransmission
1.74
transmissionbttransmission
1.75
transmissionbttransmission
1.76
transmissionbttransmission
1.77
transmissionbttransmission
1.80
transmissionbttransmission
1.81
transmissionbttransmission
1.82
transmissionbttransmission
1.83
transmissionbttransmission
1.90
transmissionbttransmission
1.91
transmissionbttransmission
1.92
transmissionbttransmission
1.93
transmissionbttransmission
2.00
transmissionbttransmission
2.01
transmissionbttransmission
2.02
transmissionbttransmission
2.03
transmissionbttransmission
2.04
transmissionbttransmission
2.10
transmissionbttransmission
2.11
transmissionbttransmission
2.12
transmissionbttransmission
2.13
transmissionbttransmission
2.20
transmissionbttransmission
2.21
transmissionbttransmission
2.22
transmissionbttransmission
2.30
transmissionbttransmission
2.31
transmissionbttransmission
2.32
transmissionbttransmission
2.33
transmissionbttransmission
2.40
transmissionbttransmission
2.41
transmissionbttransmission
2.42
transmissionbttransmission
2.50
transmissionbttransmission
2.51
transmissionbttransmission
2.52
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
transmission
bookworm
3.00-2.1+deb12u1
fixed
bullseye
3.00-1
fixed
sid
4.0.6+dfsg-3
fixed
squeeze
not-affected
trixie
4.0.6+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
transmission
hardy
ignored
lucid
not-affected
natty
not-affected
oneiric
not-affected
precise
Fixed 2.51-0ubuntu1.1
released
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
http://secunia.com/advisories/50027
http://secunia.com/advisories/50769
http://www.madirish.net/541
http://www.securityfocus.com/bid/54705
http://www.ubuntu.com/usn/USN-1584-1
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
http://secunia.com/advisories/50027
http://secunia.com/advisories/50769
http://www.madirish.net/541
http://www.securityfocus.com/bid/54705
http://www.ubuntu.com/usn/USN-1584-1
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61