Computer Security
[EN] securityvulns.ru no-pyccku


ColdFusion crossite scripting
Published:05.02.2007
Source:
SecurityVulns ID:7185
Type:remote
Threat Level:
5/10
Description:User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.
Affected:ADOBE : ColdFusion Server 5.0
CVE:CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.)
Original documentdocumentdigi7al64_(at)_gmail.com, Cold Fusion Web Server XSS 0 day (05.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod