CVE-2006-2311

Name of the Vulnerable Software and Affected Versions BlueDragon Server and Server JX version 6.2.1.286

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a ".cfm" or ".cfml" file. The result is reflected in the default error page.

Recommendations For version 6.2.1.286, consider validating and sanitizing user input for filenames to prevent injection of malicious scripts. As a temporary workaround, restrict access to .cfm and .cfml files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.