Coldfusion Security Vulnerabilities and Issues — Coldfusion CVE List

Lucene search

AdobeColdfusion

5 matches found

CVE•added 2006/12/12 8:28 p.m.•55 views

CVE-2006-6483

Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag.

2.6CVSS5.6AI score0.02001EPSS

CVE•added 2006/09/14 12:7 a.m.•43 views

CVE-2006-4726

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.

2.6CVSS5.8AI score0.02039EPSS

CVE•added 2010/05/13 5:30 p.m.•37 views

CVE-2010-1294

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

2.1CVSS5.8AI score0.00153EPSS

CVE•added 2025/07/08 9:15 p.m.•11 views

CVE-2025-49546

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to a partial application denial-of-service. A high-privileged attacker could exploit this vulnerability to partially disrupt the availability of the application. Exploit...

2.4CVSS6AI score0.00053EPSS

CVE•added 2025/08/18 5:15 p.m.•5 views

CVE-2025-54234

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Expl...

2.7CVSS7.2AI score0.00044EPSS