PT-2006-3328 · Macromedia · Macromedia Coldfusion Mx

Zuxncwaruio

Published

2006-05-15

Updated

2017-07-20

CVE-2006-2364

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Macromedia ColdFusion versions 5 and earlier

Description A cross-site scripting (XSS) issue exists in the validation feature, allowing remote attackers to inject arbitrary web script or HTML via a required field. This occurs when the associated normal field is missing or empty and the input is not properly sanitized before being presented in an error message.

Recommendations For Macromedia ColdFusion versions 5 and earlier, consider disabling the validation feature temporarily until a proper fix is available, or ensure that all input fields are properly sanitized to prevent arbitrary script injection.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2364

Affected Products

Macromedia Coldfusion Mx

PT-2006-3328 · Macromedia · Macromedia Coldfusion Mx

CVE-2006-2364

Related Identifiers

Affected Products

References · 5