Adobe ColdFusion is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following versions are vulnerable:
ColdFusion (2016 release) Update 4 and prior versions.
ColdFusion 11 Update 12 and prior versions.
Information
Adobe ColdFusion 2016.0 Update 3
Adobe ColdFusion 2016.0 Update 2
Adobe ColdFusion 2016.0 Update 1
Adobe ColdFusion 2016.0
Adobe ColdFusion 11 Update 9
Adobe ColdFusion 11 Update 8
Adobe ColdFusion 11 Update 7
Adobe ColdFusion 11 Update 6
Adobe ColdFusion 11 Update 5
Adobe ColdFusion 11 Update 4
Adobe ColdFusion 11 Update 3
Adobe ColdFusion 11 Update 2
Adobe ColdFusion 11 Update 12
Adobe ColdFusion 11 Update 11
Adobe ColdFusion 11 Update 10
Adobe ColdFusion 11 Update 1
Adobe ColdFusion 11
Adobe ColdFusion 11 Update 13
Exploit
To exploit this issue, an attacker must entice a victim into following a malicious URI.