Adobe ColdFusion MX 7.x prior to 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote malicious users to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
Vulnerable Product |
---|
Adobe ColdFusion 7.0 |
Adobe ColdFusion 7.0.1 |