CVE-2006-2364

4 documents4 sources

Severity

5.8MEDIUM

EPSS

0.2%

top 51.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Macromedia Coldfusion

Timeline

PublishedMay 15

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDmacromedia/coldfusion5.0

🔴Vulnerability Details

GHSA

GHSA-c6x5-g4w7-v3wh: Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary↗2022-05-01

▶

CVEList

CVE-2006-2364: Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary↗2006-05-15

▶

💬Community

Bugzilla

CVE-2006-2451 Possible privilege escalation through prctl() and suid_dumpable↗2006-07-15

▶