Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2364

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2006-2364
Last Modified 05 Sep 2008 05:04:20
Published 15 May 2006 12:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2364

Summary

Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.

Vulnerable Systems

Application

  • Macromedia Coldfusion 5.0


References

BID - 17938

BUGTRAQ - 20060510 yet more XSS in older versions of ColdFusion

XF - coldfusion-error-message-xss(26508)

SREASON - 894


Last Updated: 27 May 2016 10:42:26