At a glance:
| ID | 13982 |
| Created | Feb 01, 2007 |
| Description Updated | Apr 23, 2014 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | pass |
| Active |
|
| Affected OS | Windows, Linux, BSD, Solaris, Other |
| Affected App | Other |
Legend
| Enabled/Available | 
|
| Disabled/Not Avaliable |
|
Refine Search
Intrusion Prevention
Fusebox.Index.CFM.XSS
Description
ColdFusion Fusebox has a cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary script in a victim's web browser, via specified scripts and parameters, even allowing the attacker to steal the victim's cookie-based authentication credentials.
Affected Products
Fusebox version 4.1.0
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.fusebox.org/