Lucene search

K

78 matches found

CVE
CVE
added 2010/05/13 5:30 p.m.41 views

CVE-2009-3467

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS5.8AI score0.00816EPSS
CVE
CVE
added 2011/02/01 6:0 p.m.41 views

CVE-2011-0735

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3CVSS5.7AI score0.00603EPSS
CVE
CVE
added 2011/02/01 6:0 p.m.41 views

CVE-2011-0737

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Se...

5.3CVSS6.3AI score0.00891EPSS
CVE
CVE
added 2013/11/13 1:55 a.m.41 views

CVE-2013-5326

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related ...

3.5CVSS5.5AI score0.00493EPSS
CVE
CVE
added 2015/04/15 10:59 a.m.41 views

CVE-2015-0345

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0316EPSS
CVE
CVE
added 2011/02/01 6:0 p.m.40 views

CVE-2011-0734

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as af...

4.3CVSS5.8AI score0.00791EPSS
CVE
CVE
added 2009/08/18 10:30 p.m.39 views

CVE-2009-1877

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

4.3CVSS5.7AI score0.00667EPSS
CVE
CVE
added 2013/11/13 1:55 a.m.39 views

CVE-2013-5328

Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors.

7.8CVSS6.9AI score0.00955EPSS
CVE
CVE
added 2023/09/07 1:15 p.m.39 views

CVE-2021-40698

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass . An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on...

7.4CVSS7.2AI score0.00122EPSS
CVE
CVE
added 2025/05/13 9:16 p.m.39 views

CVE-2025-43562

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could lev...

9.1CVSS7.8AI score0.01057EPSS
CVE
CVE
added 2009/08/18 10:30 p.m.38 views

CVE-2009-1878

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

5.8CVSS6.8AI score0.00284EPSS
CVE
CVE
added 2012/09/12 10:38 a.m.38 views

CVE-2012-2048

Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors.

5CVSS6.5AI score0.01488EPSS
CVE
CVE
added 2025/05/13 9:16 p.m.38 views

CVE-2025-43561

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and ex...

9.1CVSS7.9AI score0.00491EPSS
CVE
CVE
added 2010/05/13 5:30 p.m.36 views

CVE-2010-1294

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

2.1CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2011/02/01 6:0 p.m.33 views

CVE-2011-0733

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.

4.3CVSS5.8AI score0.00791EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.10 views

CVE-2025-49551

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to sensitive systems or data. Exploitation of this issue does n...

8.8CVSS6.5AI score0.00029EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.9 views

CVE-2025-49535

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. An attacker could exploit this vulnerability to access sensitive information or denial of service b...

9.3CVSS6.4AI score0.00046EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.7 views

CVE-2025-49537

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by a high-privileged attacker. Exploitation of this issue requires user in...

7.9CVSS7.3AI score0.00119EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.7 views

CVE-2025-49546

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploit...

2.4CVSS6AI score0.00034EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49536

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of thi...

7.3CVSS6.5AI score0.0004EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49538

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation...

7.4CVSS6.9AI score0.00101EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49542

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of...

5.2CVSS5.6AI score0.00058EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.6 views

CVE-2025-49544

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information or byp...

6.8CVSS6.1AI score0.00121EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49539

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Explo...

4.5CVSS6.3AI score0.00044EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49541

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2025/07/08 9:15 p.m.5 views

CVE-2025-49545

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of URLs. Exploitation...

6.2CVSS6.7AI score0.00026EPSS
Total number of security vulnerabilities78