FuseTalk 4.0 - 'AuthError.cfm' Multiple Cross-Site Scripting Vulnerabilities
| EKU-ID: 35313 | CVE: CVE-2007-3339;OSVDB-37141 | OSVDB-ID: |
| Author: Ivan Almuina | Published: 2007-06-20 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35313 | CVE: CVE-2007-3339;OSVDB-37141 | OSVDB-ID: |
| Author: Ivan Almuina | Published: 2007-06-20 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/24564/info FuseTalk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks. http://www.example.com/forum/include/error/autherror.cfm?errorcode=1 &FTVAR_LINKP=[xss] http://www.example.com/blog/forum/include/error/autherror.cfm?errorcode=1 &FTVAR_URLP=[xss]