{"id":"MGASA-2014-0559","summary":"Updated couchdb packages fix CVE-2010-5312","details":"Updated couchdb packages fix security vulnerability:\n\nCross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog\nwidget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary\nweb script or HTML via the title option (CVE-2010-5312).\n\nThe embedded copy of jQuery UI in couchdb has been updated to version 1.10.4\nto fix this issue.\n","modified":"2026-04-16T06:23:43.719452796Z","published":"2014-12-31T12:28:04Z","upstream":["CVE-2010-5312"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0559.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14788"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145767.html"}],"affected":[{"package":{"name":"couchdb","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/couchdb?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0-2.5.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0559.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}