CVSS: 6.1EPSS: 1%CPEs: 19EXPL: 0CVE-2022-28818 – ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2022-28818
12 May 2022 — ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. ColdFusion versiones CF2021U3 (y anteriores) y CF2018U13 están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima a visitar una... • https://helpx.adobe.com/security/products/coldfusion/apsb22-22.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10145
https://notcve.org/view.php?id=CVE-2020-10145
27 May 2021 — The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability. El instalador de Adobe ColdFusion presenta un fallo al ajustar una lista de control de acceso (ACL) segura en el directorio de instalación predeterminado, como C:\ColdFusion2021\. Por defecto, usuarios no privilegiados pueden crear ... • https://www.kb.cert.org/vuls/id/125331 • CWE-276: Incorrect Default Permissions CWE-284: Improper Access Control •
CVSS: 5.4EPSS: 81%CPEs: 29EXPL: 0CVE-2021-21087 – ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
https://notcve.org/view.php?id=CVE-2021-21087
15 Apr 2021 — Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. Las versiones de Adobe Coldfusion 2016 (actualización 16 y anteriores), 2018 (actualización 10 y anteriores) y 2021.0.0.32... • https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-9673
https://notcve.org/view.php?id=CVE-2020-9673
17 Jul 2020 — Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. Adobe ColdFusion 2016 update 15 y versiones anteriores, y ColdFusion 2018 update 9 y versiones anteriores, presentan una vulnerabilidad de secuestro de orden de búsqueda de dll. Una explotación con éxito podría conllevar a una escalada de privilegios • https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2020-9672
https://notcve.org/view.php?id=CVE-2020-9672
17 Jul 2020 — Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. Adobe ColdFusion 2016 update 15 y versiones anteriores, y ColdFusion 2018 update 9 y versiones anteriores, presentan una vulnerabilidad de secuestro de orden de búsqueda de dll. Una explotación con éxito podría conllevar a una escalada de privilegios • https://helpx.adobe.com/security/products/coldfusion/apsb20-43.html • CWE-426: Untrusted Search Path •
CVSS: 6.5EPSS: 2%CPEs: 24EXPL: 0CVE-2020-3796
https://notcve.org/view.php?id=CVE-2020-3796
26 Jun 2020 — ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. ColdFusion versiones ColdFusion 2016 y ColdFusion 2018, presentan una vulnerabilidad de control de acceso inapropiado. Una explotación con éxito podría conllevar a una divulgación de la estructura del archivo de sistema • https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2020-3768
https://notcve.org/view.php?id=CVE-2020-3768
26 Jun 2020 — ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. ColdFusion versiones ColdFusion 2016 y ColdFusion 2018, presenta una vulnerabilidad de secuestro del orden de búsqueda de dll. Una explotación con éxito podría conllevar a una escalada de privilegios • https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html • CWE-426: Untrusted Search Path •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2020-3767
https://notcve.org/view.php?id=CVE-2020-3767
26 Jun 2020 — ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). ColdFusion versiones ColdFusion 2016 y ColdFusion 2018, presenta una vulnerabilidad de comprobación de entrada insuficiente. Una explotación con éxito podría conllevar a una denegación de servicio (DOS) del nivel de aplicación • https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 14%CPEs: 22EXPL: 0CVE-2020-3794
https://notcve.org/view.php?id=CVE-2020-3794
25 Mar 2020 — ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. ColdFusion versiones ColdFusion 2016 y ColdFusion 2018, presentan una vulnerabilidad de inclusión de archivos. Una explotación con éxito podría conllevar a una ejecución de código arbitraria de archivos ubicados en la webroot o su subdirectorio. • https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2020-3761
https://notcve.org/view.php?id=CVE-2020-3761
25 Mar 2020 — ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote file read vulnerability. Successful exploitation could lead to arbitrary file read from the coldfusion install directory. ColdFusion versiones ColdFusion 2016 y ColdFusion 2018, presentan una vulnerabilidad de lectura de archivos remota. Una explotación con éxito podría conllevar a la lectura de archivos arbitrarios desde el directorio de instalación de coldfusion. • https://helpx.adobe.com/security/products/coldfusion/apsb20-16.html •