Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
References
Configurations
History
20 Nov 2024, 23:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://online.securityfocus.com/archive/1/277487 - | |
References | () http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 - | |
References | () http://www.securityfocus.com/bid/5011 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 - |
Information
Published : 2002-12-31 05:00
Updated : 2024-11-20 23:41
NVD link : CVE-2002-1700
Mitre link : CVE-2002-1700
CVE.ORG link : CVE-2002-1700
JSON object : View
Products Affected
microsoft
- windows_2000
- internet_information_services
macromedia
- coldfusion
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')