CVE-2005-2480 Information

Description

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter which is not quoted in an error page as demonstrated using index.cfm.

Reference

http://marc.info/?l=bugtraq&m=112309656102615&w=2 http://secunia.com/advisories/16320 http://www.securityfocus.com/bid/14460 https://exchange.xforce.ibmcloud.com/vulnerabilities/21697