CVE-2008-0643

Adobe Coldfusion - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (6)

[Patch] http://www.adobe.com/support/security/bulletins/apsb08-06.html

[Patch] http://www.securityfocus.com/bid/28205

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019589

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41144

[Third Party Advisory] http://secunia.com/advisories/29332

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0862/references

Scores

EPSS 0.0280

EPSS Percentile 85.9%

Classification

CWE

CWE-79

Status draft

Affected Products (4)

adobe/coldfusion

Timeline

Published Mar 12, 2008

Tracked Since Feb 18, 2026