Coldfusion Security Vulnerabilities and Issues — Coldfusion CVE List

Lucene search

AdobeColdfusion

4 matches found

CVE•added 2006/12/12 8:28 p.m.•54 views

CVE-2006-6483

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

2.6CVSS5.6AI score0.0239EPSS

CVE•added 2006/09/14 12:7 a.m.•42 views

CVE-2006-4726

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

2.6CVSS5.8AI score0.02039EPSS

CVE•added 2010/05/13 5:30 p.m.•36 views

CVE-2010-1294

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

2.1CVSS5.8AI score0.00153EPSS

CVE•added 2025/07/08 9:15 p.m.•7 views

CVE-2025-49546

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploit...

2.4CVSS6AI score0.00034EPSS