Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2007-02-14 01:28
Updated : 2024-02-04 17:13
NVD link : CVE-2006-5859
Mitre link : CVE-2006-5859
CVE.ORG link : CVE-2006-5859
JSON object : View
Products Affected
adobe
- coldfusion
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')