CVE-2009-1872
EXPLOITED · NUCLEI
Adobe Coldfusion < 8.0.1 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Alexander Polyakov · text · webapps · cfm
https://www.exploit-db.com/exploits/33170
exploitdb
WORKING POC
VERIFIED
by Alexander Polyakov · text · webapps · cfm
https://www.exploit-db.com/exploits/33167
exploitdb
WORKING POC
VERIFIED
by Alexander Polyakov · text · webapps · cfm
https://www.exploit-db.com/exploits/33168
exploitdb
WORKING POC
VERIFIED
by Alexander Polyakov · text · webapps · cfm
https://www.exploit-db.com/exploits/33169
Nuclei Templates (1)
Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
MEDIUM · VERIFIED · by princechaddha
Shodan:
http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"
FOFA:
title="coldfusion administrator login" || app="adobe-coldfusion"
References (7)
Scores
EPSS
0.0867
EPSS Percentile
92.3%
Exploitation Intel
VulnCheck KEV
2024-09-19
Classification
CWE
CWE-79
Status
published
Affected Products (22)
adobe/coldfusion
< 8.0.1
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
adobe/coldfusion
... and 7 more
Timeline
Published
Aug 18, 2009
Tracked Since
Feb 18, 2026