The following vulnerability is inaccurate. Fusebox is a framework popular with ColdFusion developers. The cross-site scripting vulnerability is not specific to the framework, and is clearly an implementation issue. Fusebox, as a framework, does not output any URL parameters to HTML. The output is controled by the application developer. FuseBox does not even have to generate HTML for that matter. Within the fusebox framework, a layout configuration file is used to generate output. The layout file is completely coded by the application developer. The official FuseBox v4.1.0 core files do not contain _any_ layout configuration files. Bugtraq ID: 14460 Class: Input Validation Error CVE: CVE-MAP-NOMATCH Remote: Yes Local: No Published: Aug 03 2005 12:00AM Updated: Aug 03 2005 03:24PM Credit: "N.N.P" is credited with the discovery of this vulnerability. Vulnerable: Fusebox Fusebox 4.1 .0
