Lucene search
MitreCVE-2006-2364HistoryMay 15, 2006 - 4:06 p.m.
CVE-2006-2364
2006-05-1516:06:00
mitre
web.nvd.nist.gov
29
cve
2006
2364
cross-site scripting
xss
vulnerability
macromedia
coldfusion
web script
html
error message
remote attackers
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.004
Percentile
72.1%
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a “_required” field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
Affected configurations
Node
macromediacoldfusionMatch5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| macromedia | coldfusion | 5.0 | cpe:2.3:a:macromedia:coldfusion:5.0:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2006-2364
2006-05-15 16:00:00
prion
prion
Cross site scripting
2006-05-15 16:06:00
nvd
nvd
CVE-2006-2364
2006-05-15 16:06:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.004
Percentile
72.1%
Related for CVE-2006-2364