CVE-2006-5860
4.3
CVSS SCORE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Affected Software Configurations
- a adobe coldfusion 6.1 * enterprise_server * * * * *
- a adobe coldfusion 7.0 * enterprise_multi-server * * * * *
- a adobe jrun 4.0 * * * * * * *
- a adobe jrun 4.0 sp1 * * * * * *
- a adobe jrun 4.0 sp1a * * * * * *
- a adobe jrun 4.0_build_61650 * * * * * * *
Weaknesses (CWE)
- CWE-79
References & External Links
- http://osvdb.org/32122
- http://secunia.com/advisories/24093
- http://www.adobe.com/support/security/bulletins/apsb07-05.html
- http://www.securityfocus.com/bid/22547
- http://www.securitytracker.com/id?1017646
- http://www.securitytracker.com/id?1017647
- http://www.vupen.com/english/advisories/2007/0594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32475
- http://osvdb.org/32122
- http://secunia.com/advisories/24093
- http://www.adobe.com/support/security/bulletins/apsb07-05.html
- http://www.securityfocus.com/bid/22547
- http://www.securitytracker.com/id?1017646
- http://www.securitytracker.com/id?1017647
- http://www.vupen.com/english/advisories/2007/0594
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32475