CVE-2007-3339 in FuseTalkinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/21/2007

Disclosure

06/21/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
85807	FuseTalk comfinish.cfm cross site scripting	79	Proof-of-Concept	Not defined	CVE-2007-3339
85806	FuseTalk comfinish.cfm cross site scripting	79	Proof-of-Concept	Not defined	CVE-2007-3339
37400	FuseTalk autherror.cfm cross site scripting	79	Proof-of-Concept	Not defined	CVE-2007-3339

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!