CVE-2006-5859

Published: Feb 14, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

Affected (2)

Products: Adobe: Coldfusion

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Coldfusion	Version 7.0.1
Adobe Coldfusion	Version 7.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://osvdb.org/32121

Source: cve@mitre.org

http://secunia.com/advisories/24115

Source: cve@mitre.org

http://www.adobe.com/support/security/bulletins/apsb07-03.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/22544

Source: cve@mitre.org

http://www.securitytracker.com/id?1017644

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0592

Source: cve@mitre.org

http://osvdb.org/32121

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24115

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.adobe.com/support/security/bulletins/apsb07-03.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22544

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1017644

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0592

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.