Cross site scripting

2008-03-1200:44:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function.

CPENameOperatorVersion
coldfusioneq7.0.2
coldfusioneq8.0
coldfusioneq7.0
coldfusioneq7.0.1

Name	Operator	Version
coldfusion	eq	7.0.2
coldfusion	eq	8.0
coldfusion	eq	7.0
coldfusion	eq	7.0.1

References

secunia.com/advisories/29332

www.adobe.com/support/security/bulletins/apsb08-07.html

www.securityfocus.com/bid/28205

www.securitytracker.com/id?1019590

www.vupen.com/english/advisories/2008/0862/references

exchange.xforce.ibmcloud.com/vulnerabilities/41145