Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia coldfusion 5.0 |