CVE-2007-3339

Published: Jun 21, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.

Affected (15)

Products: Fusetalk: Fusetalk

1 product

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Fusetalk Fusetalk	Version 2.0
Fusetalk Fusetalk	Version 2.0
Fusetalk Fusetalk	Version 2.0
Fusetalk Fusetalk	Version 2.0
Fusetalk Fusetalk	Version 3.0
Fusetalk Fusetalk	Version 3.0
Fusetalk Fusetalk	Version 3.0
Fusetalk Fusetalk	Version 3.0
Fusetalk Fusetalk	Version 3.0
Fusetalk Fusetalk	Version 3.2
Fusetalk Fusetalk	Version 4.0
Fusetalk Fusetalk	Version 4.0
Fusetalk Fusetalk	Version 4.0
Fusetalk Fusetalk	Version 4.0
Fusetalk Fusetalk	Version 4.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (20)

http://osvdb.org/37141

Source: cve@mitre.org

http://osvdb.org/37142

Source: cve@mitre.org

http://osvdb.org/37143

Source: cve@mitre.org

http://secunia.com/advisories/25707

Source: cve@mitre.org

http://securityreason.com/securityalert/2842

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/471846/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/471853/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/24563

Source: cve@mitre.org

http://www.securityfocus.com/bid/24564

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34955

Source: cve@mitre.org

http://osvdb.org/37141

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/37142

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/37143

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25707

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/2842

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/471846/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/471853/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24563

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24564

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34955

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.