CVSS: 4.3EPSS: 2%CPEs: 18EXPL: 0CVE-2014-0571
https://notcve.org/view.php?id=CVE-2014-0571
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe ColdFusion 9.0 anterior a Update 13, 9.0.1 antterior a Update 12, 9.0.2 anterior a Update 7, 10 anterior a Update 14, y 11 anterior a Update 2 permite a atacantes remotos inyectar secuencias de comandos remotos a través de vectores no especificados. • http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html http://www.securitytracker.com/id/1031020 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 18EXPL: 0CVE-2014-0572
https://notcve.org/view.php?id=CVE-2014-0572
Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows local users to bypass intended IP-based access restrictions via unspecified vectors. Adobe ColdFusion 9.0 anterior a Update 13, 9.0.1 anterior a Update 12, 9.0.2 anterior a Update 7, 10 anterior a Update 14, y 11 anterior a Update 2 permite a usuarios locales evadir las restricciones de acceso basadas en IP a través de vectores no especificados. • http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html http://www.securitytracker.com/id/1031020 • CWE-264: Permissions, Privileges, and Access Controls •