CVE-2012-4037

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
transmissionbttransmission
𝑥
≤ 2.60
transmissionbttransmission
0.1
transmissionbttransmission
0.2
transmissionbttransmission
0.3
transmissionbttransmission
0.4
transmissionbttransmission
0.5
transmissionbttransmission
0.6
transmissionbttransmission
0.6.1
transmissionbttransmission
0.70
transmissionbttransmission
0.71
transmissionbttransmission
0.72
transmissionbttransmission
0.80
transmissionbttransmission
0.81
transmissionbttransmission
0.82
transmissionbttransmission
0.90
transmissionbttransmission
0.91
transmissionbttransmission
0.92
transmissionbttransmission
0.93
transmissionbttransmission
0.94
transmissionbttransmission
0.95
transmissionbttransmission
0.96
transmissionbttransmission
1.00
transmissionbttransmission
1.01
transmissionbttransmission
1.02
transmissionbttransmission
1.2
transmissionbttransmission
1.03
transmissionbttransmission
1.04
transmissionbttransmission
1.05
transmissionbttransmission
1.06
transmissionbttransmission
1.10
transmissionbttransmission
1.11
transmissionbttransmission
1.20
transmissionbttransmission
1.21
transmissionbttransmission
1.22
transmissionbttransmission
1.30
transmissionbttransmission
1.31
transmissionbttransmission
1.32
transmissionbttransmission
1.33
transmissionbttransmission
1.34
transmissionbttransmission
1.40
transmissionbttransmission
1.41
transmissionbttransmission
1.42
transmissionbttransmission
1.50
transmissionbttransmission
1.51
transmissionbttransmission
1.52
transmissionbttransmission
1.53
transmissionbttransmission
1.54
transmissionbttransmission
1.60
transmissionbttransmission
1.61
transmissionbttransmission
1.70
transmissionbttransmission
1.71
transmissionbttransmission
1.72
transmissionbttransmission
1.73
transmissionbttransmission
1.74
transmissionbttransmission
1.75
transmissionbttransmission
1.76
transmissionbttransmission
1.77
transmissionbttransmission
1.80
transmissionbttransmission
1.81
transmissionbttransmission
1.82
transmissionbttransmission
1.83
transmissionbttransmission
1.90
transmissionbttransmission
1.91
transmissionbttransmission
1.92
transmissionbttransmission
1.93
transmissionbttransmission
2.00
transmissionbttransmission
2.01
transmissionbttransmission
2.02
transmissionbttransmission
2.03
transmissionbttransmission
2.04
transmissionbttransmission
2.10
transmissionbttransmission
2.11
transmissionbttransmission
2.12
transmissionbttransmission
2.13
transmissionbttransmission
2.20
transmissionbttransmission
2.21
transmissionbttransmission
2.22
transmissionbttransmission
2.30
transmissionbttransmission
2.31
transmissionbttransmission
2.32
transmissionbttransmission
2.33
transmissionbttransmission
2.40
transmissionbttransmission
2.41
transmissionbttransmission
2.42
transmissionbttransmission
2.50
transmissionbttransmission
2.51
transmissionbttransmission
2.52
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
transmission
bullseye
3.00-1
fixed
squeeze
not-affected
bookworm
3.00-2.1+deb12u1
fixed
sid
4.0.6+dfsg-3
fixed
trixie
4.0.6+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
transmission
precise
Fixed 2.51-0ubuntu1.1
released
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
http://secunia.com/advisories/50027
http://secunia.com/advisories/50769
http://www.madirish.net/541
http://www.securityfocus.com/bid/54705
http://www.ubuntu.com/usn/USN-1584-1
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61
http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html
http://secunia.com/advisories/50027
http://secunia.com/advisories/50769
http://www.madirish.net/541
http://www.securityfocus.com/bid/54705
http://www.ubuntu.com/usn/USN-1584-1
https://trac.transmissionbt.com/ticket/4979
https://trac.transmissionbt.com/wiki/Changes#version-2.61