CVE-2006-5860

EPSS 1.95%
Published 14.02.2007 02:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version6.1 Editionenterprise_server

Adobe ≫ Coldfusion Version7.0 Editionenterprise_multi-server

Adobe ≫ Jrun Version4.0

Adobe ≫ Jrun Version4.0 Updatesp1

Adobe ≫ Jrun Version4.0 Updatesp1a

Adobe ≫ Jrun Version4.0_build_61650

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.95%	0.829

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/32122

http://secunia.com/advisories/24093

http://www.adobe.com/support/security/bulletins/apsb07-05.html

Patch

http://www.securityfocus.com/bid/22547

Patch

http://www.securitytracker.com/id?1017646

http://www.securitytracker.com/id?1017647

http://www.vupen.com/english/advisories/2007/0594

https://exchange.xforce.ibmcloud.com/vulnerabilities/32475

https://nvd.nist.gov/vuln/detail/CVE-2006-5860

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5860

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5860

EUVD