Unrated severityNVD Advisory· Published Aug 5, 2005· Updated Apr 16, 2026

CVE-2005-2480

Description

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

Affected products

Macromedia/Coldfusion Fusebox
cpe:2.3:a:macromedia:coldfusion_fusebox:4.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/14460nvdExploit
secunia.com/advisories/16320nvdVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/21697nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000