Description

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Remediation

References

CVE-2002-1700

Related Vulnerabilities

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000997)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)

WordPress Plugin Lightweight Sidebar Manager Cross-Site Request Forgery (1.1.4)

WordPress Plugin TemplatesNext ToolKit Cross-Site Scripting (3.2.7)

Severity

Medium

Classification

CVE-2002-1700 CWE-707

Tags

Missing Update Known Vulnerabilities