Vulnerability Details CVE-2009-1872
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.153
EPSS Ranking 94.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/57182
- http://osvdb.org/57183
- http://osvdb.org/57184
- http://osvdb.org/57185
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- http://www.dsecrg.com/pages/vul/show.php?id=122
- http://www.securityfocus.com/archive/1/505803/100/0/threaded
- http://osvdb.org/57182
- http://osvdb.org/57183
- http://osvdb.org/57184
- http://osvdb.org/57185
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- http://www.dsecrg.com/pages/vul/show.php?id=122
- http://www.securityfocus.com/archive/1/505803/100/0/threaded
Products affected by CVE-2009-1872
-
cpe:2.3:a:adobe:coldfusion:-
-
cpe:2.3:a:adobe:coldfusion:6.0
-
cpe:2.3:a:adobe:coldfusion:6.1
-
cpe:2.3:a:adobe:coldfusion:7.0
-
cpe:2.3:a:adobe:coldfusion:7.0.1
-
cpe:2.3:a:adobe:coldfusion:7.0.2
-
cpe:2.3:a:adobe:coldfusion:7.2
-
cpe:2.3:a:adobe:coldfusion:8.0
-
cpe:2.3:a:adobe:coldfusion:8.0.1
-
cpe:2.3:a:adobe:coldfusion:8.1