CVE-2002-1700

ColdFusion MX - Cross-Site Scripting via Missing Template Handler

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1700. PoCs published by Macromedia.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ColdFusion MX's default Missing Template handler. By crafting a malicious URI with embedded script code, an attacker can execute arbitrary JavaScript in the context of a victim's browser.

Description

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Macromedia · textremotecfm
https://www.exploit-db.com/exploits/21548

This exploit demonstrates a cross-site scripting (XSS) vulnerability in ColdFusion MX's default Missing Template handler. By crafting a malicious URI with embedded script code, an attacker can execute arbitrary JavaScript in the context of a victim's browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ColdFusion MX
No auth needed
Prerequisites: A vulnerable ColdFusion MX server with default Missing Template handler enabled
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Various Sources x_refsource_confirm
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5011
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277487
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9360

Scores

EPSS 0.2427
EPSS Percentile 97.6%

Details

CWE
CWE-79
Status published
Products (3)
macromedia/coldfusion 6.0
microsoft/internet_information_services 5.0
microsoft/windows_2000
Published Dec 31, 2002
Tracked Since Feb 18, 2026