2 matches found
ColdFusion explosion: from XSS to RCE chain reaction-vulnerability warning-the black bar safety net
In the audit of ColdFusion 1 0 and 1 1 of the admin panel, I found a DOM based cross-site scripting vulnerability. In this article I will show you how to exploit the vulnerability from the ColdFusion application server to get remote code execution. The discovery of this vulnerability, I to the...
CVE-2015-0345
Cross-site scripting XSS vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...