Unrated severityNVD Advisory· Published Dec 12, 2006· Updated Apr 23, 2026
CVE-2006-6483
CVE-2006-6483
Description
Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.
Affected products
3cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
- Range: <7.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- securitytracker.com/idnvdVendor Advisory
- secunia.com/advisories/23281nvd
- securityreason.com/securityalert/2021nvd
- www.adobe.com/support/security/bulletins/apsb07-06.htmlnvd
- www.securityfocus.com/archive/1/454046/100/0/threadednvd
- www.securityfocus.com/bid/21532nvd
- www.vupen.com/english/advisories/2006/4949nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30841nvd
News mentions
0No linked articles in our index yet.