CVE-2005-2480

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2480
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.securityfocus.com/bid/14460 Exploit
http://secunia.com/advisories/16320 Vendor Advisory
http://marc.info/?l=bugtraq&m=112309656102615&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/21697
Configurations

Configuration 1 (hide)

cpe:2.3:a:macromedia:coldfusion_fusebox:4.1.0:*:*:*:*:*:*:*
Information

Published : 2005-08-05 04:00

Updated : 2017-07-11 01:32

NVD link : CVE-2005-2480

Mitre link : CVE-2005-2480

JSON object : View

Products Affected

macromedia

  • coldfusion_fusebox
CWE
NVD-CWE-Other