Lucene search

Japan Vulnerability NotesJVN:21388501

HistoryAug 19, 2009 - 12:00 a.m.

JVN#21388501 ColdFusion vulnerable to cross-site scripting

2009-08-1900:00:00

Japan Vulnerability Notes

jvn.jp

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.192 Low

EPSS

Percentile

96.3%

JSON

ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.

This vulnerability is different from JVN#28356427 and JVN#48566866.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

**Update the Software **
Apply the latest update provided by the vendor.
For more information, refer to the vendor’s website.

Products Affected

ColdFusion 8.0.1 and earlier

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.192 Low

EPSS

Percentile

96.3%

JSON

Related for JVN:21388501