Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Coldfusion | Adobe | 6.1 | 6.1 |
Coldfusion | Adobe | 7.0.1 | 7.0.1 |
Coldfusion | Adobe | 7.0.2 | 7.0.2 |