CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.1:*:solaris:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.0:*:solaris:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.1:*:linux:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.0:*:linux:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_multi-server:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.2:unknown:mx:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_multi-server:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_multi-server:*:*:*:*:*

Information

Published : 2009-08-18 15:30

Updated : 2018-10-10 12:38


NVD link : CVE-2009-1872

Mitre link : CVE-2009-1872


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

adobe

  • coldfusion