ColdFusion crossite scripting

2007-02-05T00:00:00
ID SECURITYVULNS:VULN:7185
Type securityvulns
Reporter BUGTRAQ
Modified 2007-02-05T00:00:00

Description

User-Agent field from HTTP request is used unfiltered in error message text. It's possible to manipulate client's User-Agent field through Flash.