Fusebox.Index.CFM.XSS
Description
ColdFusion Fusebox has a cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary script in a victim's web browser, via specified scripts and parameters, even allowing the attacker to steal the victim's cookie-based authentication credentials.
Affected Products
Fusebox version 4.1.0
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.fusebox.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-09-26 | 13.458 |