PT-2005-3385 · Adobe · Coldfusion Fusebox
N.N.P
·
Publicado
2005-08-05
·
Atualizado
2017-07-11
·
CVE-2005-2480
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
ColdFusion Fusebox version 4.1.0
Description
A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the
fuseaction parameter in an error page, as demonstrated using index.cfm.Recommendations
For ColdFusion Fusebox version 4.1.0, consider quoting the
fuseaction parameter in error pages to prevent injection of arbitrary web script or HTML. As a temporary workaround, restrict access to the index.cfm page until a proper fix is applied.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Coldfusion Fusebox