CVE-2002-1700

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2002-12-31 05:00

Updated : 2024-02-28 10:24


NVD link : CVE-2002-1700

Mitre link : CVE-2002-1700

CVE.ORG link : CVE-2002-1700


JSON object : View

Products Affected

microsoft

  • internet_information_services
  • windows_2000

macromedia

  • coldfusion
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')