Published: 31/12/2002 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote malicious users to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
macromedia coldfusion 6.0
microsoft internet information services 5.0
microsoft windows 2000

source: wwwsecurityfocuscom/bid/5011/info ColdFusion MX is prone to cross site scripting attacks Attacker-supplied script code may be included in a malicious missing template URI generated by the default Missing Template handler of ColdFusion The attacker-supplied script code will be executed in the browser of a web user who visits thi ...

Cloud One Workload Security Scripts for Vulnerability Management Cloud One Workload Security Scripts for Vulnerability Management Configuration policy_on_querypy policy_on_r7_reportpy policy_on_tenable_reportpy Support Contribute This folder contains multiple python scripts to help with vulnerability management and Workload Security policy-on-query Ensures to set IPS

CWE-79 http://online.securityfocus.com/archive/1/277487 http://www.securityfocus.com/bid/5011 http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047 https://exchange.xforce.ibmcloud.com/vulnerabilities/9360 https://nvd.nist.gov https://github.com/mawinkler/c1-ws-vulnerability-management https://www.exploit-db.com/exploits/21548/

CVE-2002-1700

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect