PT-2007-1188 · Adobe · Coldfusion Mx 7
Published
2007-02-14
·
Updated
2011-03-08
·
CVE-2006-5859
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Adobe ColdFusion MX 7 versions 7.0 through 7.0.1
Description:
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to files such as Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm, when Global Script Protection is not enabled.
Recommendations:
For Adobe ColdFusion MX 7 versions 7.0 through 7.0.1, enable Global Script Protection to mitigate the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coldfusion Mx 7