ColdFusion Error Page XSS

Medium Nessus Network Monitor Plugin ID 2893


The remote host is running a vulnerable version of Macromedia ColdFusion, a web application server.


The remote host is running Macromedia ColdFusion, a web application server. This version of ColdFusion is vulnerable to a Cross-Site Scripting (XSS) flaw in the way that it displays error pages. To exploit this flaw, an attacker would need to convince a user to browse to a malicious URI. In addition, the Macromedia site would need to be using the JRun web server (installed by default, but not recommended for production services). Successful exploitation could result in the loss of confidential data (such as authentication cookies).


Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2893

Family: Web Servers

Published: 2005/05/11

Modified: 2016/01/21

Dependencies: 2804, 2805

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 5.1


Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

BID: 13581