CVE-2005-4072

The CVE describes a cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier, where an attacker can inject arbitrary script via the Words parameter in search_forums.cfm used in the “Search For:” field. The available records confirm the affected software and the inp...

CVE-2005-4071

CVE-2005-4071 affects CFMagic Magic Forum Personal 2.5 and earlier. The vulnerabilities are SQL injection in the web interface: (1) ForumID in view_forum.cfm and (2) ForumID, (3) Thread, and (4) ThreadID in view_thread.cfm, allowing remote attackers to execute arbitrary SQL commands. The NVD entr...