Description

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Remediation

References

CVE-2002-1700

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-3673)

Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-7242)

WordPress Plugin McAvoy Cross-Site Scripting (0.1.0)

WordPress Plugin CevherShare 'cevhershare-admin.php' SQL Injection (2.0)

WordPress Plugin AccessPress Social Icons Multiple SQL Injection Vulnerabilities (1.6.6)

Severity

Medium

Classification

CVE-2002-1700 CWE-707

Tags

Missing Update Known Vulnerabilities