Unrated severityNVD Advisory· Published Feb 14, 2007· Updated Jun 16, 2026
CVE-2006-5859
CVE-2006-5859
Description
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
Affected products
3cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
- (no CPE)range: = 7.0, 7.0.1
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.