CVE-2006-5859

medium

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

References

http://www.vupen.com/english/advisories/2007/0592

http://www.securitytracker.com/id?1017644

http://www.securityfocus.com/bid/22544

http://www.adobe.com/support/security/bulletins/apsb07-03.html

http://secunia.com/advisories/24115

http://osvdb.org/32121

Details

Source: Mitre, NVD

Published: 2007-02-14

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02799