SecureCFM is dedicated to auditing ColdFusion source code in order to detect, and then correct, possible Cross Site Scripting vulnerabilities.
You can use it to check that your web site is not vulnerable.

This software is designed to be used with cfm sources, not with online pages generated by a ColdFusion server; to check a site, you must have its sources.

SecureCFM is available on Windows and Linux, under the GNU GPL license.

Need an explanation of Cross Site Scripting vulnerabilities?
Take a look at this document published by the CERT:
 - www.cert.org/archive/pdf/cross_site_scripting.pdf


SecureCFM is hosted by SourceForge.net