The host is installed with Apache CouchDB through 1.0.1 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to handle the web administration interface (aka Futon). Successful exploitation could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.