Vulnerabilities > Fusetalk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-10-04 | CVE-2012-5295 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. | 4.3 |
| 2007-07-11 | CVE-2007-3705 | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | 7.5 |
| 2007-06-21 | CVE-2007-3339 | Cross-Site Scripting vulnerability in Fusetalk Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm. | 4.3 |
| 2007-06-20 | CVE-2007-3301 | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. | 7.5 |
| 2007-06-19 | CVE-2007-3273 | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2004-12-31 | CVE-2004-1995 | Cross-Site Request Forgery (CSRF) vulnerability in Fusetalk 2.0 Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | 6.5 |