Coldfusion@8.1 Security Vulnerabilities and Issues — Coldfusion@8.1 CVE List

Lucene search

AdobeColdfusion8.1

9 matches found

CVE•added 2009/08/18 10:30 p.m.•65 views

CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (...

4.3CVSS5.7AI score0.12EPSS

CVE•added 2008/04/09 7:5 p.m.•46 views

CVE-2008-1656

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725.

7.5CVSS6.7AI score0.04664EPSS

CVE•added 2009/08/18 10:30 p.m.•44 views

CVE-2009-1875

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

4.3CVSS5.7AI score0.00667EPSS

CVE•added 2011/02/01 6:0 p.m.•42 views

CVE-2011-0736

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because the Site-w...

5.3CVSS6.3AI score0.00816EPSS

CVE•added 2011/02/01 6:0 p.m.•41 views

CVE-2011-0735

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3CVSS5.7AI score0.00603EPSS

CVE•added 2011/02/01 6:0 p.m.•41 views

CVE-2011-0737

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the vendor disputes the significance of this issue because the Site-wide Error Handler and Debug Output Se...

5.3CVSS6.3AI score0.00891EPSS

CVE•added 2011/02/01 6:0 p.m.•40 views

CVE-2011-0734

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as af...

4.3CVSS5.8AI score0.00791EPSS

CVE•added 2009/08/18 10:30 p.m.•39 views

CVE-2009-1877

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

4.3CVSS5.7AI score0.00667EPSS

CVE•added 2009/08/18 10:30 p.m.•38 views

CVE-2009-1878

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

5.8CVSS6.8AI score0.00284EPSS