CVE-2006-5859 Information

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1 when Global Script Protection is not enabled allows remote attackers to inject arbitrary HTML and web script via unknown vectors possibly related to Linkdirect.cfm Topnav.cfm and Welcomedoc.cfm.

Reference

http://osvdb.org/32121 http://secunia.com/advisories/24115 http://www.adobe.com/support/security/bulletins/apsb07-03.html http://www.securityfocus.com/bid/22544 http://www.securitytracker.com/id?1017644 http://www.vupen.com/english/advisories/2007/0592