Lucene search

K
jvnJapan Vulnerability NotesJVN:21388501
HistoryAug 19, 2009 - 12:00 a.m.

JVN#21388501 ColdFusion vulnerable to cross-site scripting

2009-08-1900:00:00
Japan Vulnerability Notes
jvn.jp
8

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.192 Low

EPSS

Percentile

96.3%

ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability.

This vulnerability is different from JVN#28356427 and JVN#48566866.

Impact

An arbitrary script may be executed on the user’s web browser.

Solution

**Update the Software **
Apply the latest update provided by the vendor.
For more information, refer to the vendor’s website.

Products Affected

  • ColdFusion 8.0.1 and earlier

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.192 Low

EPSS

Percentile

96.3%