Having been a modified Fusebox developer for a while, I can say that there are likely MANY more problems besides that, such as SQL injection and XSS issues that still need to be resolved in many Fusebox apps. We addressed them by creating a standard parse function in the index.cfm file that prevented any sub fuses from being affected. However, since I was under contract, I can't provide said code, sorry. But I highly advise a security module that does basic sanity checks, authentication validation, tests for session hijacks/fixations, and other funny business that gets thrown at the Fusebox. This security module or fuse needs to be called first and foremost before ANY other fuses get called and should be accessed directly from the index.cfm file before anything else happens. ColdFusion itself doesn't do much for sanity checks; it's up to the developer to take those into consideration. What I found interesting was that the first 10 entries returned from the Google search were Senators'... interesting.
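The kind of gate the comment describes, placed at the top of index.cfm ahead of the Fusebox core include, as an added example that is not the commenter's code and not part of Fusebox. The fuseaction names, the `session.userId` and `session.fingerprint` keys, the length limit and the log file name are assumptions, as is a login fuse that stores the fingerprint and rotates the session ID.

```cfml
<!--- Top of index.cfm. Assumes session management is enabled in Application.cfm. --->
<cfset publicFuseactions = "home.main,auth.login"> <!--- constructed allowlist --->
<cfset maxValueLength = 4000>                      <!--- assumed limit --->
<cfset blockReason = "">
<cfset fa = "">

<!--- 1. Sanity checks on URL and FORM, the two scopes Fusebox reads from --->
<cfset scopes = [url, form]>
<cfloop array="#scopes#" index="scope">
    <cfif structKeyExists(scope, "fuseaction")>
        <!--- the same request must not name two different fuseactions --->
        <cfif len(fa) AND compareNoCase(fa, scope.fuseaction) NEQ 0>
            <cfset blockReason = "conflicting fuseaction">
        </cfif>
        <cfset fa = scope.fuseaction>
    </cfif>
    <cfloop collection="#scope#" item="key">
        <cfif len(scope[key]) GT maxValueLength OR find(chr(0), scope[key])>
            <cfset blockReason = "NUL byte or oversized value">
        </cfif>
    </cfloop>
</cfloop>
<!--- fuseaction must be circuit.fuseaction; an empty one falls to the default fuseaction --->
<cfif len(fa) AND NOT reFind("^[A-Za-z0-9_]{1,40}\.[A-Za-z0-9_]{1,40}$", fa)>
    <cfset blockReason = "malformed fuseaction">
</cfif>

<!--- 2. Hijack test: a logged-in session must come from the browser that logged in --->
<cfset fingerprint = hash(cgi.http_user_agent, "SHA-256")>
<cfif structKeyExists(session, "userId") AND (NOT structKeyExists(session, "fingerprint")
      OR compare(session.fingerprint, fingerprint) NEQ 0)>
    <cfset structDelete(session, "userId")>
    <cfset blockReason = "session fingerprint mismatch">
</cfif>

<!--- 3. Authentication: anything outside the public allowlist needs a login --->
<cfif NOT len(blockReason) AND len(fa) AND NOT listFindNoCase(publicFuseactions, fa)
      AND NOT structKeyExists(session, "userId")>
    <cfset blockReason = "login required">
</cfif>

<!--- 4. Stop here, before any circuit or fuse has run --->
<cfif len(blockReason)>
    <cflog file="security" type="warning" text="Blocked #cgi.remote_addr#: #blockReason#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>
<!--- the application's existing Fusebox core include follows from here --->
```

Input checks at the gate do not replace `cfqueryparam` in queries or output encoding in the fuses.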