Apache CouchDB versions prior to version 0.11.1 are vulnerable to cross site request forgery (CSRF) attacks. A malicious website can POST arbitrary JavaScript code to well known CouchDB installation URLs (like http://localhost:5984/) and make the browser execute the injected JavaScript in the security context of CouchDB's admin interface Futon.
8d09452fd99f2a9bde805d6d65592ab8d21f59caa9061c042dfef6dc38b7b5e5