Lucene search

AdobeColdfusion

37 matches found

CVE
added 2023/03/23 8:15 p.m., 80 views

CVE-2023-26361

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user in...

4.9 CVSS, 4.8 AI score, 0.29591 EPSS
CVE
added 2023/11/17 2:15 p.m., 74 views

CVE-2023-44355

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this...

4.3 CVSS, 4.8 AI score, 0.01322 EPSS
CVE
added 2007/02/07 11:28 a.m., 69 views

CVE-2007-0817

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

4.3 CVSS, 5.7 AI score, 0.04853 EPSS
CVE
added 2009/08/18 10:30 p.m., 65 views

CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (...

4.3 CVSS, 5.7 AI score, 0.12 EPSS
CVE
added 2014/09/26 10:55 a.m., 56 views

CVE-2014-5315

Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.6 AI score, 0.00649 EPSS
CVE
added 2022/10/14 8:15 p.m., 55 views

CVE-2022-38423

Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but...

4.9 CVSS, 5 AI score, 0.04952 EPSS
CVE
added 2012/06/13 4:46 a.m., 50 views

CVE-2012-2041

CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

4.3 CVSS, 7 AI score, 0.00667 EPSS
CVE
added 2015/11/18 9:59 p.m., 50 views

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to in...

4.3 CVSS, 6.5 AI score, 0.02902 EPSS
CVE
added 2006/10/10 10:07 p.m., 49 views

CVE-2006-3978

Unspecified vulnerability in a Verity third party library, as used on Adobe ColdFusion MX 7 through MX 7.0.2 and possibly other products, allows local users to execute arbitrary code via unknown attack vectors.

4.6 CVSS, 7.6 AI score, 0.00403 EPSS
CVE
added 2007/02/14 2:28 a.m., 48 views

CVE-2006-5860

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3 CVSS, 5.6 AI score, 0.02328 EPSS
CVE
added 2015/11/18 9:59 p.m., 48 views

CVE-2015-8052

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

4.3 CVSS, 5.7 AI score, 0.00752 EPSS
CVE
added 2011/02/10 4:00 p.m., 47 views

CVE-2011-0583

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.

4.3 CVSS, 5.8 AI score, 0.01633 EPSS
CVE
added 2010/05/13 5:30 p.m., 46 views

CVE-2010-1293

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.8 AI score, 0.00816 EPSS
CVE
added 2012/12/12 11:38 a.m., 46 views

CVE-2012-5675

Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.

4.4 CVSS, 6.5 AI score, 0.00108 EPSS
CVE
added 2015/11/18 9:59 p.m., 45 views

CVE-2015-8053

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.

4.3 CVSS, 5.7 AI score, 0.00752 EPSS
CVE
added 2009/08/18 10:30 p.m., 44 views

CVE-2009-1875

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

4.3 CVSS, 5.7 AI score, 0.00667 EPSS
CVE
added 2011/02/10 4:00 p.m., 44 views

CVE-2011-0584

Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors.

4.3 CVSS, 6.8 AI score, 0.02203 EPSS
CVE
added 2011/12/14 11:55 a.m., 44 views

CVE-2011-4368

Cross-site scripting (XSS) vulnerability in Remote Development Services (RDS) in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.9 AI score, 0.00667 EPSS
CVE
added 2014/10/15 10:55 a.m., 44 views

CVE-2014-0571

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.8 AI score, 0.00667 EPSS
CVE
added 2007/03/16 8:19 p.m., 42 views

CVE-2007-1278

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

4.3 CVSS, 6.6 AI score, 0.04573 EPSS
CVE
added 2014/10/15 10:55 a.m., 42 views

CVE-2014-0572

Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors.

4.6 CVSS, 6.4 AI score, 0.00181 EPSS
CVE
added 2008/03/12 12:44 a.m., 41 views

CVE-2008-0643

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.7 AI score, 0.02799 EPSS
CVE
added 2010/05/13 5:30 p.m., 41 views

CVE-2009-3467

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3 CVSS, 5.8 AI score, 0.00816 EPSS
CVE
added 2011/02/01 6:00 p.m., 41 views

CVE-2011-0735

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via vectors involving a "tag script."

4.3 CVSS, 5.7 AI score, 0.00603 EPSS
CVE
added 2015/04/15 10:59 a.m., 41 views

CVE-2015-0345

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.8 AI score, 0.0316 EPSS
CVE
added 2011/02/01 6:00 p.m., 40 views

CVE-2011-0734

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as af...

4.3 CVSS, 5.8 AI score, 0.00791 EPSS
CVE
added 2006/09/14 12:07 a.m., 39 views

CVE-2006-4725

Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.

4.6 CVSS, 6.3 AI score, 0.00254 EPSS
CVE
added 2009/08/18 10:30 p.m., 39 views

CVE-2009-1877

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

4.3 CVSS, 5.7 AI score, 0.00667 EPSS
CVE
added 2011/02/10 4:00 p.m., 39 views

CVE-2011-0581

Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags.

4.3 CVSS, 7.4 AI score, 0.02386 EPSS
CVE
added 2011/12/14 11:55 a.m., 38 views

CVE-2011-2463

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.

4.3 CVSS, 5.7 AI score, 0.00667 EPSS
CVE
added 2011/02/10 4:00 p.m., 37 views

CVE-2011-0580

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3 CVSS, 5.7 AI score, 0.01633 EPSS
CVE
added 2007/02/14 1:28 a.m., 33 views

CVE-2006-5859

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

4.3 CVSS, 5.8 AI score, 0.02799 EPSS
CVE
added 2011/02/01 6:00 p.m., 33 views

CVE-2011-0733

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file.

4.3 CVSS, 5.8 AI score, 0.00791 EPSS
CVE
added 2025/07/08 9:15 p.m., 5 views

CVE-2025-49539

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access sensitive information. Explo...

4.5 CVSS, 6.3 AI score, 0.00044 EPSS
CVE
added 2025/07/08 9:15 p.m., 5 views

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3 CVSS, 5.1 AI score, 0.00036 EPSS
CVE
added 2025/07/08 9:15 p.m., 5 views

CVE-2025-49541

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3 CVSS, 5.1 AI score, 0.00036 EPSS
CVE
added 2025/07/08 9:15 p.m., 5 views

CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

4.3 CVSS, 5.1 AI score, 0.00036 EPSS