Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2480

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-2480
Last Modified 05 Sep 2008 04:51:52
Published 05 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-2480

Summary

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

Vulnerable Systems

Application

  • Macromedia Coldfusion Fusebox 4.1.0


References

BID - 14460

SECUNIA - 16320

XF - fusebox-fuseaction-xss(21697)

BUGTRAQ - 20050803 Coldfusion Fusebox V4.1.0 Vulnerability


Last Updated: 27 May 2016 10:40:32