7 lines
No EOL
802 B
Text
7 lines
No EOL
802 B
Text
source: https://www.securityfocus.com/bid/8840/info
|
|
|
|
It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying database. This problem may be exploited by an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. If successful, an attacker may obtain access to cookie-based authentication credentials that may lead to other attacks. This attack would occur in the security context of the vulnerable site.
|
|
|
|
Macromedia ColdFusion MX version 6.0 may be vulnerable to this issue, however other versions may be affected as well.
|
|
|
|
http://www.example.com/article.cfm?id=1'<script>alert(document.cookie);</script> |