CVE-2006-6483 — Cross-site Scripting in Adobe Coldfusion
3 documents3 sources
Severity
2.6LOWNVD
EPSS
2.1%
top 16.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 12
Latest updateMay 1
Description
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
CVSS vector
AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9