7 lines
No EOL
479 B
Text
7 lines
No EOL
479 B
Text
source: https://www.securityfocus.com/bid/5011/info
|
|
|
|
ColdFusion MX is prone to cross site scripting attacks.
|
|
|
|
Attacker-supplied script code may be included in a malicious missing template URI generated by the default Missing Template handler of ColdFusion. The attacker-supplied script code will be executed in the browser of a web user who visits this link, in the security context of the host running ColdFusion.
|
|
|
|
http://CF_MX_SERVER/<script>alert(document.cookie)</script>.cfm |