Coldfusion Security Vulnerabilities and Issues — Coldfusion CVE List

Lucene search

AdobeColdfusion

5 matches found

CVE•added 2009/08/18 10:30 p.m.•65 views

CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (...

4.3CVSS5.7AI score0.12EPSS

CVE•added 2009/08/18 10:30 p.m.•56 views

CVE-2009-1876

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."

5CVSS6.2AI score0.01476EPSS

CVE•added 2009/08/18 10:30 p.m.•44 views

CVE-2009-1875

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

4.3CVSS5.7AI score0.00667EPSS

CVE•added 2009/08/18 10:30 p.m.•39 views

CVE-2009-1877

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

4.3CVSS5.7AI score0.00667EPSS

CVE•added 2009/08/18 10:30 p.m.•38 views

CVE-2009-1878

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

5.8CVSS6.8AI score0.00284EPSS