Intrusion Prevention
Fusebox.Index.CFM.XSS
Description
ColdFusion Fusebox has a cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary script in a victim's web browser, via specified scripts and parameters, even allowing the attacker to steal the victim's cookie-based authentication credentials.
Affected Products
Fusebox version 4.1.0
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.fusebox.org/