4 matches found
CVE-2005-2481
CVE-2005-2481 affects ColdFusion Fusebox 4.1.0. The issue is that a malformed or invalid fuseaction parameter allows remote attackers to cause an error message that leaks the full server path. Documents confirm the affected product and the nature of the information disclosure, but do not provide ...
CVE-2005-2480
Cross-site scripting XSS vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm...
CVE-2005-2481
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" question mark character...
CVE-2005-2480
The CVE-2005-2480 entry concerns Fusebox running on ColdFusion (Fusebox 4.1.0). The vulnerability is a cross-site scripting (XSS) flaw where the fuseaction parameter is not quoted in an error page, enabling an attacker to inject arbitrary script/HTML (demonstrated via index.cfm). Connected docume...