CVE-2005-4072

Name of the Vulnerable Software and Affected Versions CFMagic Magic Forum Personal versions 2.5 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Words parameter in the "search forums.cfm" file, specifically in the "Search For:" field. This could potentially lead to malicious script execution.

Recommendations For versions 2.5 and earlier, as a temporary workaround, consider restricting access to the search forums.cfm file or disabling the "Search For:" field until a fix is available. Avoid using the Words parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.