Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
References 7 Total
- http://www.adobe.com/support/security/bulletins/apsb09-12.html
- osvdb.org: 57182 vdb-entry
- osvdb.org: 57183 vdb-entry
- http://www.dsecrg.com/pages/vul/show.php?id=122
- osvdb.org: 57185 vdb-entry
- osvdb.org: 57184 vdb-entry
- securityfocus.com: 20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- http://www.adobe.com/support/security/bulletins/apsb09-12.html x_transferred
- osvdb.org: 57182 vdb-entry x_transferred
- osvdb.org: 57183 vdb-entry x_transferred
- http://www.dsecrg.com/pages/vul/show.php?id=122 x_transferred
- osvdb.org: 57185 vdb-entry x_transferred
- osvdb.org: 57184 vdb-entry x_transferred
- securityfocus.com: 20090817 [DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies mailing-list x_transferred