CVE-2006-5860

Adobe Coldfusion - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

References (8)

[Patch] http://www.adobe.com/support/security/bulletins/apsb07-05.html

[Patch] http://www.securityfocus.com/bid/22547

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32475

[Third Party Advisory, VDB Entry] http://osvdb.org/32122

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017646

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1017647

[Third Party Advisory] http://secunia.com/advisories/24093

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0594

Scores

EPSS 0.0202

EPSS Percentile 83.6%

Classification

CWE

CWE-79

Status draft

Affected Products (6)

adobe/coldfusion

adobe/jrun

Timeline

Published Feb 14, 2007

Tracked Since Feb 18, 2026