CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0583
https://notcve.org/view.php?id=CVE-2011-0583
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion v8.0 a v9.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la etiqueta cfform. • http://secunia.com/advisories/43264 http://www.adobe.com/support/security/bulletins/apsb11-04.html http://www.securityfocus.com/bid/46277 http://www.securitytracker.com/id?1025036 http://www.vupen.com/english/advisories/2011/0334 https://exchange.xforce.ibmcloud.com/vulnerabilities/65279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0581
https://notcve.org/view.php?id=CVE-2011-0581
Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified tags. Múltiples vulnerabilidades de subida de ficheros sin restricción en Adobe ColdFusion v8.0 a v9.0.1 permite a atacantes remotos inyectar cabeceras HTTP de su elección y llevar a cabo ataques de división de respuesta HTTP a través de etiquetas no especificadas. • http://secunia.com/advisories/43264 http://www.adobe.com/support/security/bulletins/apsb11-04.html http://www.securityfocus.com/bid/46281 http://www.securitytracker.com/id?1025036 http://www.vupen.com/english/advisories/2011/0334 https://exchange.xforce.ibmcloud.com/vulnerabilities/65276 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0580
https://notcve.org/view.php?id=CVE-2011-0580
Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Adobe ColdFusion 8.0 through 9.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la consola del administrador en Adobe ColdFusion v8.0 a v9.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://secunia.com/advisories/43264 http://www.adobe.com/support/security/bulletins/apsb11-04.html http://www.securityfocus.com/bid/46273 http://www.securitytracker.com/id?1025036 http://www.vupen.com/english/advisories/2011/0334 https://exchange.xforce.ibmcloud.com/vulnerabilities/65277 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0584
https://notcve.org/view.php?id=CVE-2011-0584
Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en Adobe Coldfusión v8.0 a la 9.0.1, permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://secunia.com/advisories/43264 http://www.adobe.com/support/security/bulletins/apsb11-04.html http://www.securityfocus.com/bid/46278 http://www.securitytracker.com/id?1025036 http://www.vupen.com/english/advisories/2011/0334 https://exchange.xforce.ibmcloud.com/vulnerabilities/65280 •
CVSS: 4.3EPSS: 2%CPEs: 13EXPL: 3CVE-2011-0734
https://notcve.org/view.php?id=CVE-2011-0734
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as affecting 9.0.1 CHF1 and earlier. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion v9.0.1 CHF1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro id que contiene un controlador de evento onLoad de JavaScript para un elemento BODY, relacionado con un ataque de "etiqueta body". • http://archives.neohapsis.com/archives/fulldisclosure/2011-01/0537.html http://kb2.adobe.com/cps/890/cpsid_89094.html http://osvdb.org/70778 http://securitytracker.com/id?1025012 http://websecurity.com.ua/4879 http://www.adobe.com/support/security/bulletins/apsb11-04.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •