Macromedia ColdFusion HTML Injection...

Published: 2002-12-16
Revised: 2025-04-13

An HTML injection vulnerability has been reported for ColdFusion. Reportedly, ColdFusion does not adequately sanitize malicious HTML code in log entries. When certain ColdFusion functions receive inappropriate or faulty data, ColdFusion generates an exception and writes a log entry. An attacker can exploit this by passing malicious HTML code to such a function so that it triggers the exception and causes a malicious log entry to be written. When a user, typically the administrator, views the logs, any malicious HTML code in them is executed in the victim's browser in the security context of the host. This issue may potentially be exploited to hijack web content or steal cookie-based authentication credentials from users.
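The following is an added example, not code from ColdFusion or from this advisory: it scans log entries for embedded HTML markup and contrasts a log viewer row that copies logged input into the page with one that HTML-encodes every field on output. The quoted CSV log layout, the sample entries and all function names are assumptions made for the illustration.

```python
import csv
import html
import re

# Constructed sample entries in a quoted CSV layout (an assumed format for this example).
SAMPLE_LOG = '''"Error","2002-12-16 10:02:11","Parameter 1 of function is not a valid number: 12x"
"Error","2002-12-16 10:02:40","Parameter 1 of function is not a valid number: <script>alert(1)</script>"
"Information","2002-12-16 10:03:05","Template /index.cfm compiled"
"Error","2002-12-16 10:04:17","Invalid date value: <img src=x onerror=alert(1)>"
'''

# An opening tag, closing tag or comment/doctype start inside a log message is suspicious.
MARKUP = re.compile(r"<\s*[/!a-zA-Z]")

def parse_log(text):
    """Return (severity, timestamp, message) tuples from the quoted CSV log text."""
    return [tuple(row) for row in csv.reader(text.splitlines()) if len(row) == 3]

def flag_injected(entries):
    """Detection: entries whose message field contains HTML markup."""
    return [e for e in entries if MARKUP.search(e[2])]

def render_row_unsafe(entry):
    """The flaw described above: logged input is copied into the page as-is."""
    return "<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % entry

def render_row_safe(entry):
    """Mitigation: every field is HTML-encoded at output time."""
    cells = "".join("<td>%s</td>" % html.escape(f, quote=True) for f in entry)
    return "<tr>" + cells + "</tr>"

def render_viewer(entries):
    """Build the log table using the encoding renderer only."""
    rows = "\n".join(render_row_safe(e) for e in entries)
    return "<table>\n" + rows + "\n</table>"

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for sev, ts, msg in flag_injected(entries):
        print("suspicious entry at", ts, "->", repr(msg))
    print(render_viewer(entries))
```

Encoding at render time protects the viewer even for entries that were written before any input filtering was in place.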

No exploit or PoC is currently available.
There are currently 0 affected product records.