Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:20
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/32121 - | |
References | () http://secunia.com/advisories/24115 - | |
References | () http://www.adobe.com/support/security/bulletins/apsb07-03.html - | |
References | () http://www.securityfocus.com/bid/22544 - | |
References | () http://www.securitytracker.com/id?1017644 - | |
References | () http://www.vupen.com/english/advisories/2007/0592 - |
Information
Published : 2007-02-14 01:28
Updated : 2024-11-21 00:20
NVD link : CVE-2006-5859
Mitre link : CVE-2006-5859
CVE.ORG link : CVE-2006-5859
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')