CVE-2006-6483

Severity

26%

Complexity

49%

Confidentiality

48%

Successful exploitation requires that the target uses Microsoft Internet Explorer.

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

Successful exploitation requires that the target uses Microsoft Internet Explorer.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N).

Overview

First reported 18 years ago

2006-12-12 20:28:00

Last updated 6 years ago

2018-10-17 21:48:00

Affected Software

Adobe ColdFusion MX 7.0

7.0

Adobe ColdFusion MX 7.0.1

7.0.1

References

23281

2021

1017361

Vendor Advisory

http://www.adobe.com/support/security/bulletins/apsb07-06.html

20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities

21532

ADV-2006-4949

coldfusion-path-xss(30841)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.