Unrated severityNVD Advisory· Published Aug 15, 2012· Updated Apr 29, 2026
CVE-2012-4037
CVE-2012-4037
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Affected products
87cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*+ 86 more
- cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*range: <=2.60
- cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- trac.transmissionbt.com/ticket/4979nvdPatch
- archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.htmlnvdExploit
- www.madirish.net/541nvdExploit
- secunia.com/advisories/50027nvdVendor Advisory
- secunia.com/advisories/50769nvd
- www.securityfocus.com/bid/54705nvd
- www.ubuntu.com/usn/USN-1584-1nvd
- trac.transmissionbt.com/wiki/Changesnvd
News mentions
0No linked articles in our index yet.