Adobe » Coldfusion » 7.0 : Security Vulnerabilities, CVEs, Published In 2006 (XSS)
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
Max CVSS
2.6
EPSS Score
1.17%
Published
2006-12-12
Updated
2018-10-17
1 vulnerabilities found