Fusebox.Index.CFM.XSS

description-logoDescription

ColdFusion Fusebox has a cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary script in a victim's web browser, via specified scripts and parameters, even allowing the attacker to steal the victim's cookie-based authentication credentials.

affected-products-logoAffected Products

Fusebox version 4.1.0

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.fusebox.org/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-09-26 13.458