CVE-2005-2480 - Cross-Site Scripting vulnerability in Macromedia Coldfusion Fusebox 4.1.0

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

Vulnerable Configurations

Part | Description | Count
Application | Macromedia | 1

Nessus

NASL family: CGI abuses : XSS
NASL id: FUSEBOX_FUSEACTION_XSS.NASL
description: The remote host is running Fusebox, a framework for building web-based applications in Cold Fusion and PHP. The installed web application appears to have been created using Fusebox in such a way that it fails to sanitize user-supplied input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19383
published: 2005-08-04
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19383
title: Fusebox index.cfm fuseaction Parameter XSS