CVE-2006-6483

2006-12-12T20:28:00
ID CVE-2006-6483
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:48:00

Description

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.