ColdFusion MX Missing Template Cross Site Scripting Vulnerability

ID SSV:75373
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


ColdFusion MX is prone to cross site scripting attacks.

Attacker-supplied script code may be included in a malicious missing template URI generated by the default Missing Template handler of ColdFusion. The attacker-supplied script code will be executed in the browser of a web user who visits this link, in the security context of the host running ColdFusion.