Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Adobe Subscribe
Filtered by product Coldfusion

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-44352 1 Adobe 1 Coldfusion 2023-11-23 N/A 6.1 MEDIUM
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2021-21087 1 Adobe 1 Coldfusion 2022-06-03 3.5 LOW 5.4 MEDIUM
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
CVE-2022-28818 1 Adobe 1 Coldfusion 2022-05-23 4.3 MEDIUM 6.1 MEDIUM
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2020-3796 1 Adobe 1 Coldfusion 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure.
CVE-2019-7092 1 Adobe 1 Coldfusion 2020-09-04 4.3 MEDIUM 6.1 MEDIUM
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .
CVE-2018-15962 1 Adobe 1 Coldfusion 2020-09-04 5.0 MEDIUM 5.3 MEDIUM
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-15963 1 Adobe 1 Coldfusion 2020-09-04 5.0 MEDIUM 5.3 MEDIUM
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
CVE-2020-3767 1 Adobe 1 Coldfusion 2020-07-01 4.3 MEDIUM 6.5 MEDIUM
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos).
CVE-2016-1113 1 Adobe 1 Coldfusion 2020-05-18 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-11285 1 Adobe 1 Coldfusion 2020-05-18 4.3 MEDIUM 6.1 MEDIUM
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVE-2018-4941 1 Adobe 1 Coldfusion 2020-05-15 4.3 MEDIUM 6.1 MEDIUM
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4940 1 Adobe 1 Coldfusion 2020-05-15 4.3 MEDIUM 6.1 MEDIUM
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVE-2017-3008 1 Adobe 1 Coldfusion 2020-05-15 4.3 MEDIUM 6.1 MEDIUM
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.
CVE-2016-4159 1 Adobe 1 Coldfusion 2020-05-14 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1115 1 Adobe 1 Coldfusion 2020-05-14 4.3 MEDIUM 5.9 MEDIUM
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.