CVE-2011-0734

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion versions prior to 9.0.1 CHF1

Description A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element. This is related to a "tag body" attack.

Recommendations For versions prior to 9.0.1 CHF1, update to Adobe ColdFusion 9.0.1 CHF1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the id parameter in affected pages to minimize the risk of exploitation.