Fusetalk vulnerabilities
6 known vulnerabilities affecting fusetalk/fusetalk.
Total CVEs: 6
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3
Vulnerabilities
CVE-2007-3301 | P3 | HIGH | CVSS 7.5 | PoC | v2.0 | 2007-06-20
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273.
nvd
CVE-2004-1995 | P4 | MEDIUM | CVSS 6.5 | CWE-352 | PoC | v2.0 | 2004-12-31
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
nvd
CVE-2012-5295 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | ≤ 3.2, v3.0, +2 more | 2012-10-04
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
nvd
CVE-2007-3339 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v2.0, v3.0, +2 more | 2007-06-21
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/
nvd
CVE-2007-3705 | P4 | HIGH | CVSS 7.5 | CWE-89 | v2.0 | 2007-07-11
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.
nvd
CVE-2007-3273 | P4 | HIGH | CVSS 7.5 | CWE-89 | v2.0 | 2007-06-19
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd