CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
87.2%
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
Vendor | Product | Version | CPE |
---|---|---|---|
macromedia | coldfusion | 6.0 | cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:* |
microsoft | internet_information_services | 5.0 | cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* |