Computer Security
[EN] no-pyccku

ColdFusion crossite scripting
SecurityVulns ID:7185
Threat Level:
Description:User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.
Affected:ADOBE : ColdFusion Server 5.0
CVE:CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.)
Original documentdocumentdigi7al64_(at), Cold Fusion Web Server XSS 0 day (05.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod