CVSS: 4.3EPSS: 32%CPEs: 21EXPL: 5CVE-2009-1872 – Adobe ColdFusion Server 8.0.1 - '/wizards/common/_logintowizard.cfm' Query String Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion Server 8.0.1 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro (1) startRow para administrator/logviewer/searchlog.cfm o (2) mediante la cadena de petición para wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm o (4) administrator/enter.cfm. Adobe Coldfusion 8 suffers from cross site scripting and cross site request forgery vulnerabilities. • https://www.exploit-db.com/exploits/33169 https://www.exploit-db.com/exploits/33170 https://www.exploit-db.com/exploits/33167 https://www.exploit-db.com/exploits/33168 http://osvdb.org/57182 http://osvdb.org/57183 http://osvdb.org/57184 http://osvdb.org/57185 http://www.adobe.com/support/security/bulletins/apsb09-12.html http://www.dsecrg.com/pages/vul/show.php?id=122 http://www.securityfocus.com/archive/1/505803/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 4%CPEs: 4EXPL: 0CVE-2007-1278
https://notcve.org/view.php?id=CVE-2007-1278
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Vulnerabilidad no especificada en el conector IIS en Adobe JRun 4.0 Updater 6, y ColdFusion MX 6.1 y 7.0 Enterprise, cuando se utiliza Microsoft IIS 6, permite a atacantes remotos provocar denegación de servicio a través de vectores no especificados, afectando a la respuesta de un archivo en la raiz web JRun. • http://osvdb.org/34039 http://secunia.com/advisories/24488 http://www.adobe.com/support/security/bulletins/apsb07-07.html http://www.securityfocus.com/bid/22958 http://www.securitytracker.com/id?1017752 http://www.vupen.com/english/advisories/2007/0932 https://exchange.xforce.ibmcloud.com/vulnerabilities/32994 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2006-5860
https://notcve.org/view.php?id=CVE-2006-5860
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola de administración de Adobe JRun 4.0, como el usado en ColdFusion, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores desconocidos. • http://osvdb.org/32122 http://secunia.com/advisories/24093 http://www.adobe.com/support/security/bulletins/apsb07-05.html http://www.securityfocus.com/bid/22547 http://www.securitytracker.com/id?1017646 http://www.securitytracker.com/id?1017647 http://www.vupen.com/english/advisories/2007/0594 https://exchange.xforce.ibmcloud.com/vulnerabilities/32475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1CVE-2007-0817 – Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0817
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe ColdFusion web server permite a atacantes remotos inyectar scripts web o HTML de su elección mediante la cabecera HTTP User-Agent, que no se ha saneado previamente a ser mostrada en una página de error. • https://www.exploit-db.com/exploits/29567 http://osvdb.org/32120 http://secunia.com/advisories/24115 http://www.adobe.com/support/security/bulletins/apsb07-04.html http://www.securityfocus.com/archive/1/459178/100/0/threaded http://www.securityfocus.com/bid/22401 http://www.securitytracker.com/id?1017645 http://www.vupen.com/english/advisories/2007/0593 •
CVSS: 2.6EPSS: 0%CPEs: 3EXPL: 0CVE-2006-4726
https://notcve.org/view.php?id=CVE-2006-4726
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page. Vulnerabilidad de secuencias de comandos en sitios cruzados(XSS) en Adobe ColdFusion MX de 6.1 a 7.02 inclusive, permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificadas con la aparición de una página de error de ColdFusion. • http://secunia.com/advisories/21858 http://securitytracker.com/id?1016833 http://www.adobe.com/support/security/bulletins/apsb06-14.html http://www.securityfocus.com/bid/19982 http://www.vupen.com/english/advisories/2006/3575 https://exchange.xforce.ibmcloud.com/vulnerabilities/28922 •