No description provided by source.
source: http://www.securityfocus.com/bid/5011/info ColdFusion MX is prone to cross site scripting attacks. Attacker-supplied script code may be included in a malicious missing template URI generated by the default Missing Template handler of ColdFusion. The attacker-supplied script code will be executed in the browser of a web user who visits this link, in the security context of the host running ColdFusion. http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm