Back to search
CVE-2009-1872
Published: Aug 18, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.adobe.com/support/security/bulletins/apsb09-12.html
x_refsource_CONFIRM
57182
vdb-entry
x_refsource_OSVDB
57183
vdb-entry
x_refsource_OSVDB
http://www.dsecrg.com/pages/vul/show.php?id=122
x_refsource_MISC
57185
vdb-entry
x_refsource_OSVDB
57184
vdb-entry
x_refsource_OSVDB
20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now