| Vulnerability Name: | CVE-2002-1700 (CCN-9360) | ||||||||
| Assigned: | 2002-06-13 | ||||||||
| Published: | 2002-06-13 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-79 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Jun 18 2002 - 12:15:39 CDT ColdFusion MX Cross Site Scripting vulnerability Source: MITRE Type: CNA CVE-2002-1700 Source: BUGTRAQ Type: UNKNOWN 20020618 ColdFusion MX Cross Site Scripting vulnerability Source: CCN Type: Macromedia Product Security Bulletin MPSB02-03 Patch available for default Missing Template page in ColdFusion MX Source: CONFIRM Type: UNKNOWN http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 Source: CCN Type: OSVDB ID: 21557 ColdFusion MX Error Message XSS Source: BID Type: UNKNOWN 5011 Source: CCN Type: BID-5011 ColdFusion MX Missing Template Cross Site Scripting Vulnerability Source: XF Type: UNKNOWN coldfusion-missing-template-css(9360) Source: XF Type: UNKNOWN coldfusion-missing-template-css(9360) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||