Unrated severityNVD Advisory· Published Feb 14, 2007· Updated Apr 23, 2026

CVE-2006-5859

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

Affected products

Adobe Inc./Coldfusion2 versions
cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/32121nvd
secunia.com/advisories/24115nvd
www.adobe.com/support/security/bulletins/apsb07-03.htmlnvd
www.securityfocus.com/bid/22544nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/0592nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000