| Vulnerability Name: | CVE-2005-1555 (CCN-20550) | ||||||||
| Assigned: | 2005-05-10 | ||||||||
| Published: | 2005-05-10 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue May 10 2005 - 14:03:38 CDT New Macromedia Security Zone Bulletin Posted Source: MITRE Type: CNA CVE-2005-1555 Source: BUGTRAQ Type: UNKNOWN 20050510 New Macromedia Security Zone Bulletin Posted Source: CCN Type: Macromedia Security Bulletin MPSB05-03 ColdFusion MX 7 cross-site scripting in default error page Source: CONFIRM Type: Patch, Vendor Advisory http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html Source: CCN Type: ColdFusion MX7 Web page ColdFusion MX7 Source: CCN Type: ColdFusion MX7 System Requirements Web page ColdFusion MX 7 System Requirements Source: CCN Type: OSVDB ID: 15814 ColdFusion Error Page Null Byte XSS Filter Bypass Source: CCN Type: OSVDB ID: 16493 ColdFusion MX JRun Error Page XSS Source: CCN Type: BID-13581 Macromedia ColdFusion MX 7 Default Error Page Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN coldfusion-mx7-default-page-xss(20550) Source: XF Type: UNKNOWN coldfusion-mx7-default-page-xss(20550) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||