VULHUB ™

FuseTalk ComFinish.CFM 中存在多个跨站脚本攻击漏洞。远程攻击者可以借助提交到(a)forum/include/error/autherror.cfm的(1)FTVAR_LINKP和(2)FTVAR_URLP参数以及到(b)forum/include/common/comfinish.cfm和(c)blog/include/common/comfinish.cfm的(3)FTVAR_SCRIPTRUN参数，注入任意的web脚本或HTML。

FuseTalk ComFinish.CFM 中存在多个跨站脚本攻击漏洞。远程攻击者可以借助提交到(a)forum/include/error/autherror.cfm的(1)FTVAR_LINKP和(2)FTVAR_URLP参数以及到(b)forum/include/common/comfinish.cfm和(c)blog/include/common/comfinish.cfm的(3)FTVAR_SCRIPTRUN参数，注入任意的web脚本或HTML。