CVE-2006-6483 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-6483
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6483

Description: Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30841 ST 1017361 SREASON http://securityreason.com/securityalert/2021 SAID Secunia Advisory: SA23281 CONFIRM http://www.adobe.com/support/security/bulletins/apsb07-06.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/454046/100/0/threaded BID 21532

Return to the previous page.