VYPR
Unrated severityNVD Advisory· Published Feb 14, 2007· Updated Jun 16, 2026

CVE-2006-5859

CVE-2006-5859

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

Affected products

3
  • cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
    • (no CPE)range: = 7.0, 7.0.1

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.