Coldfusion@2016 Security Vulnerabilities and Issues — Coldfusion@2016 CVE List

Lucene search

AdobeColdfusion2016

4 matches found

CVE•added 2016/05/11 1:59 a.m.•48 views

CVE-2016-1113

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6.2AI score0.00809EPSS

CVE•added 2016/06/16 2:59 p.m.•47 views

CVE-2016-4159

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.9AI score0.00698EPSS

CVE•added 2016/05/11 1:59 a.m.•37 views

CVE-2016-1114

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

9.8CVSS9.7AI score0.0234EPSS

CVE•added 2016/05/11 1:59 a.m.•37 views

CVE-2016-1115

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

5.9CVSS6.2AI score0.00802EPSS