Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2480


Vulnerability Score 4.3 4.3
CVE Id CVE-2005-2480
Last Modified 05 Sep 2008 04:51:52
Published 05 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

Vulnerable Systems


  • Macromedia Coldfusion Fusebox 4.1.0


BID - 14460

SECUNIA - 16320

XF - fusebox-fuseaction-xss(21697)

BUGTRAQ - 20050803 Coldfusion Fusebox V4.1.0 Vulnerability

Last Updated: 27 May 2016 10:40:32