Intrusion Prevention

Fusebox.Index.CFM.XSS

Description

ColdFusion Fusebox has a cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary script in a victim's web browser, via specified scripts and parameters, even allowing the attacker to steal the victim's cookie-based authentication credentials.

Affected Products

Fusebox version 4.1.0

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.fusebox.org/

CVE References

CVE-2005-2480