CVE-2002-1700
ColdFusion MX - Cross-Site Scripting via Missing Template Handler
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1700. PoCs published by Macromedia.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in ColdFusion MX's default Missing Template handler. By crafting a malicious URI with embedded script code, an attacker can execute arbitrary JavaScript in the context of a victim's browser.
Description
Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ColdFusion MX's default Missing Template handler. By crafting a malicious URI with embedded script code, an attacker can execute arbitrary JavaScript in the context of a victim's browser.