Vulnerabilities > Fusetalk

DATE CVE VULNERABILITY TITLE RISK
2012-10-04 CVE-2012-5295 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
network
fusetalk CWE-79
4.3
2007-07-11 CVE-2007-3705 SQL Injection vulnerability in Fusetalk 2.0
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.
network
low complexity
fusetalk CWE-89
7.5
2007-06-21 CVE-2007-3339 Cross-Site Scripting vulnerability in Fusetalk
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.
network
fusetalk CWE-79
4.3
2007-06-20 CVE-2007-3301 SQL Injection vulnerability in Fusetalk 2.0
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter.
network
low complexity
fusetalk CWE-89
7.5
2007-06-19 CVE-2007-3273 SQL Injection vulnerability in Fusetalk 2.0
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
fusetalk CWE-89
7.5
2004-12-31 CVE-2004-1995 Cross-Site Request Forgery (CSRF) vulnerability in Fusetalk 2.0
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
network
low complexity
fusetalk CWE-352
6.5