CVE-2002-1700
4.3
CVSS Score
Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Link copied!
Description
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Affected Software Configurations
- a macromedia coldfusion 6.0 * * * * * * *
- a microsoft internet_information_services 5.0 * * * * * * *
- o microsoft windows_2000 * * * * * * * *
Weaknesses (CWE)
- CWE-79
References & External Links
- http://online.securityfocus.com/archive/1/277487
- http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
- http://www.securityfocus.com/bid/5011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
- http://online.securityfocus.com/archive/1/277487
- http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
- http://www.securityfocus.com/bid/5011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
External Resources
CVE History Timeline
Jul 01, 2005 13:15
Initial Analysis
Jul 11, 2017 01:29
CVE Modified
Oct 30, 2018 16:25
CPE Deprecation Remap
May 14, 2024 01:22
CVE Modified
Nov 20, 2024 23:41
CVE Modified