CVE-2005-4072

  • Last update: Apr 13, 2023

Description

Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.

Software From Fixed in
cfmagic / magic_forum_personal - 2.5.x

Details

    • Severity: Low
  • CVE: CVE-2005-4072
  • Published: Dec 8, 2005
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v2

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N