CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:41

Type Values Removed Values Added
References () http://online.securityfocus.com/archive/1/277487 - () http://online.securityfocus.com/archive/1/277487 -
References () http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 - () http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 -
References () http://www.securityfocus.com/bid/5011 - () http://www.securityfocus.com/bid/5011 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 -

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:41


NVD link : CVE-2002-1700

Mitre link : CVE-2002-1700

CVE.ORG link : CVE-2002-1700


JSON object : View

Products Affected

microsoft

  • windows_2000
  • internet_information_services

macromedia

  • coldfusion
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')