CVE-2006-5859

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:20

Type Values Removed Values Added
References () http://osvdb.org/32121 - () http://osvdb.org/32121 -
References () http://secunia.com/advisories/24115 - () http://secunia.com/advisories/24115 -
References () http://www.adobe.com/support/security/bulletins/apsb07-03.html - () http://www.adobe.com/support/security/bulletins/apsb07-03.html -
References () http://www.securityfocus.com/bid/22544 - () http://www.securityfocus.com/bid/22544 -
References () http://www.securitytracker.com/id?1017644 - () http://www.securitytracker.com/id?1017644 -
References () http://www.vupen.com/english/advisories/2007/0592 - () http://www.vupen.com/english/advisories/2007/0592 -

Information

Published : 2007-02-14 01:28

Updated : 2024-11-21 00:20


NVD link : CVE-2006-5859

Mitre link : CVE-2006-5859

CVE.ORG link : CVE-2006-5859


JSON object : View

Products Affected

adobe

  • coldfusion
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')