CVE-2006-2364

Name of the Vulnerable Software and Affected Versions Macromedia ColdFusion versions 5 and earlier

Description A cross-site scripting (XSS) issue exists in the validation feature, allowing remote attackers to inject arbitrary web script or HTML via a required field. This occurs when the associated normal field is missing or empty and the input is not properly sanitized before being presented in an error message.

Recommendations For Macromedia ColdFusion versions 5 and earlier, consider disabling the validation feature temporarily until a proper fix is available, or ensure that all input fields are properly sanitized to prevent arbitrary script injection.