CVE-2017-11286

CVE-2017-11286 – Adobe ColdFusion XXE vulnerability in XML parsing affects ColdFusion 2016 Update 4 and earlier, and ColdFusion 11 Update 12 and earlier. The root cause is an XML External Entity (XXE) injection that could enable sensitive data disclosure via crafted XML input. Public advisories (...