Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ColdFusion HTML标签跨站脚本攻击漏洞
Vulnerability Description
ColdFusion MX是一款高效的网络应用服务器开发环境,具有很高的易用性和开发效率,基于标准的Java技术,可以与XML、Web Services和Microsoft.NET环境相集成。 ColdFusion在处理用户请求时存在安全漏洞,远程攻击者可能利用这些漏洞获取服务器相关的敏感信息。ColdFusion 可能无法过滤HTML标签.当反向保护时允许远程攻击者造成跨站脚本攻击.注入任意WEB脚本和HTML代码.利用空字节(%00)在确定HTML标签,像%00scrip这样的标签.
CVSS Information
N/A
Vulnerability Type
N/A