2 matches found
Adobe ColdFusion多个跨站脚本及无效日志漏洞
BUGTRAQ ID: 28205,28207 CVECAN ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX是一款高效的网络应用服务器开发环境,具有很高的易用性和开发效率,基于标准的Java技术,可以与XML、Web Services和Microsoft.NET环境相集成。 如果ColdFusion应用的Application.cfm或Application.cfc包含有setEncoding函数的话,远程攻击者就可以通过提交恶意请求执行跨站脚本攻击。...
CVE-2008-0644
Adobe ColdFusion MX 7.x (7.00, 7.01, 7.02) and ColdFusion 8 are affected by a cross‑site scripting bypass via the setEncoding function. The Seebug entry confirms remote attackers can trigger XSS through inadequate handling of CGI variables and setEncoding, with the impact being bypassed XSS prote...