Adobe ColdFusion 'probe.cfm'跨站脚本漏洞

Bugtraq ID: 49220 Adobe ColdFusion是一款高效的网络应用服务器开发环境。 Adobe ColdFusion probe.cfm不正确过滤用户提交的参数，攻击者可以进行跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 Adobe ColdFusion 目前没有详细解决方案提供： http://www.adobe.com/products/coldfusion/ http://ssvdb.com/CFIDE/probe.cfm?name=scriptalert"G.R0b1n"/script...

ColdFusion probe.cfm Cross Site Scripting

Describe£ºColdFusion probe.cfm page local parameter can xss CVE£ºUnknow PoC£º http://127.0.0.1/CFIDE/probe.cfm?name=alert"G.R0b1n" URL.Name parameter can xss only local. Or visit: http://www.focusecurity.org/2011/08/ColdFusion-Local-Parameter-Xss-Exploit.html...

Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting

source: https://www.securityfocus.com/bid/49220/info Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website...

CVE-2003-1469

The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message...