Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Apr 16, 2026

CVE-2002-1700

Description

Cross-site scripting vulnerability (XSS) in the missing template handler in Macromedia ColdFusion MX allows remote attackers to execute arbitrary script as other users by injecting script into the HTTP request for the name of a template, which is not filtered in the resulting 404 error message.

Affected products

Macromedia/Coldfusion
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

online.securityfocus.com/archive/1/277487nvd
www.macromedia.com/v1/Handlers/index.cfmnvd
www.securityfocus.com/bid/5011nvd
exchange.xforce.ibmcloud.com/vulnerabilities/9360nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000