Hi,

Has anyone else found that if you have a custom error page in NT/IIS that you are vulnerable to a cross site scripting attack? i.e.

http://www.myserver.com/<script>alert()</script>

Which will cause the javascript popup to be executed if you have your 404 error set to a Cold Fusion Template URL. Does this mean that you can't have an intelligent 404 page? Or am I just missing something?
I have patched NT/IIS to be up to date. Can anyone shed any light on this?

Thanks

Chuck Rodgers
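Added example, not part of the original post: a sketch of a ColdFusion 404 template that still reports the requested address but encodes it for each output context. It assumes IIS passes the original request to the custom-error URL in the query string as 404;http://host/path and that the template echoes it back; the variable names and the /search.cfm link are hypothetical.

```cfm
<!--- 404.cfm: added example; variable names and /search.cfm are hypothetical --->

<!--- Assumption: IIS calls the custom-error URL with the original request in
      the query string, e.g. 404;http://www.myserver.com/some/page --->
<cfset rawQuery = CGI.QUERY_STRING>
<cfset shown = "">
<cfif ListLen(rawQuery, ";") GTE 2>
    <!--- Decode first, then cap the length; encoding happens at output time
          so percent-encoded markup is neutralised as well --->
    <cfset shown = Left(URLDecode(ListRest(rawQuery, ";")), 200)>
</cfif>

<!--- Keep answering with a real 404 so crawlers and scanners see an error --->
<cfheader statuscode="404" statustext="Not Found">

<!--- VULNERABLE form, kept here only for comparison: the raw value is written
      into the page, so markup in the requested path is parsed by the browser:
      <cfoutput><p>#shown# was not found.</p></cfoutput> --->

<!--- HARDENED form: encode per context.
      HTMLEditFormat()    for text placed in the HTML body
      URLEncodedFormat()  for a value placed in a URL inside a quoted attribute --->
<cfoutput>
<html>
<head><title>Page not found</title></head>
<body>
<cfif Len(shown)>
    <p>Sorry, <code>#HTMLEditFormat(shown)#</code> was not found.</p>
    <p><a href="/search.cfm?q=#URLEncodedFormat(shown)#">Search the site for it</a></p>
<cfelse>
    <p>Sorry, the page you asked for was not found.</p>
</cfif>
</body>
</html>
</cfoutput>
```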

