Future Internet Multiple Input Validation Vulnerabilities

Future Internet Multiple Input Validation Vulnerabilities

An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI. An attacker can exploit the SQL-injection issue through a web-client.

The following proof-of-concept URIs are available:
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=311&newsId=[SQL]
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.Showpage&categoryid=[SQL]
http://www.example.com/path_of_script/index.cfm?langId=[SQL]
http://www.example.com/path_of_script/index.cfm?fuseaction=Portal.ShowPage&categoryId=[XSS]