SecureCFM is dedicated to the audit of ColdFusion
source code, in order to detect then correct possible Cross
Site Scripting vulnerabilities.
You can use it to check that your web site is not vulnerable.
This software is designed to be used with cfm sources, not
with online pages generated by a ColdFusion server; to
check a site you have to own the sources.
SecureCFM is available on Windows and Linux, under GNU GPL license.
You need explanations about Cross Site Scripting
Take a look at this document published by the CERT :