Description
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Macromedia · text · remote · cfm
https://www.exploit-db.com/exploits/21548
References (4)
Core References
Various Sources x_refsource_confirm
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23047
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5011
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/277487
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9360
Scores
EPSS
0.1634
EPSS Percentile
94.9%
Details
CWE
CWE-79
Status
published
Products (3)
macromedia/coldfusion
6.0
microsoft/internet_information_services
5.0
microsoft/windows_2000
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026