2 matches found
CVE-2005-2480
The CVE-2005-2480 entry concerns Fusebox running on ColdFusion (Fusebox 4.1.0). The vulnerability is a cross-site scripting (XSS) flaw where the fuseaction parameter is not quoted in an error page, enabling an attacker to inject arbitrary script/HTML (demonstrated via index.cfm). Connected docume...
CVE-2005-2481
CVE-2005-2481 affects ColdFusion Fusebox 4.1.0. The issue is that a malformed or invalid fuseaction parameter allows remote attackers to cause an error message that leaks the full server path. Documents confirm the affected product and the nature of the information disclosure, but do not provide ...