Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackAlexander PolyakovEXPLOITPACK:040E6E3D64DC329FE6A87B46FE198B9C
HistoryAug 17, 2009 - 12:00 a.m.

Adobe ColdFusion Server 8.0.1 - wizardscommon_logintowizard.cfm Query String Cross-Site Scripting

2009-08-1700:00:00
Alexander Polyakov
10
JSON

Adobe ColdFusion Server 8.0.1 - wizardscommon_logintowizard.cfm Query String Cross-Site Scripting

source: https://www.securityfocus.com/bid/36046/info
  
Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
  
Attacker-supplied HTML and script code would run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
  
Adobe ColdFusion 8.0.1 and earlier are vulnerable. 

http://www.example.com:8500/CFIDE/wizards/common/_logintowizard.cfm?>&#039;"><script>alert(&#039;DSECRG_XSS&#039;)</script>
JSON