Cross-Site Scripting Vulnerability in Adobe ColdFusion
CVE-2017-11285

6.1 MEDIUM

Summary

Adobe ColdFusion contains a cross-site scripting vulnerability that may allow attackers to inject malicious scripts into web applications. This affects Update 4 and earlier versions for ColdFusion 2016, as well as Update 12 and earlier versions for ColdFusion 11. Successful exploitation of this vulnerability could enable a remote attacker to execute arbitrary scripts in the context of the user's browser, potentially leading to data theft, session hijacking, and further attacks. Users are urged to apply the recommended updates to mitigate risks.

Affected Version(s)

Adobe ColdFusion 2016 release: Update 4 and earlier versions. Adobe ColdFusion 11: Update 12 and earlier versions.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
