CVE-2008-0644

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions MX 7 through 8

Description The issue allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications. This is related to the setEncoding function, although the exact vectors are not specified.

Recommendations For Adobe ColdFusion versions MX 7 through 8, consider restricting the use of the setEncoding function until a patch is available. As a temporary workaround, review application configurations to minimize the risk of cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.