| Vulnerability Name: | CVE-2006-2364 (CCN-26508) | ||||||||
| Assigned: | 2006-05-10 | ||||||||
| Published: | 2006-05-10 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. | ||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed May 10 2006 - 11:18:52 CDT yet more XSS in older versions of ColdFusion Source: MITRE Type: CNA CVE-2006-2364 Source: SREASON Type: UNKNOWN 894 Source: CCN Type: OSVDB ID: 25829 ColdFusion Validation Feature _required Field Error Message XSS Source: BUGTRAQ Type: Exploit 20060510 yet more XSS in older versions of ColdFusion Source: BID Type: UNKNOWN 17938 Source: CCN Type: BID-17938 Adobe ColdFusion Required Fields Cross-Site Scripting Vulnerability Source: XF Type: UNKNOWN coldfusion-error-message-xss(26508) Source: XF Type: UNKNOWN coldfusion-error-message-xss(26508) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||