CVE-2009-1872

Exploitation Summary

CVE-2009-1872 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Alexander Polyakov. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Adobe ColdFusion 8.0.1 and earlier. The PoC uses a crafted URL to inject malicious JavaScript via the 'filter' parameter in the log viewer, leading to arbitrary script execution in the context of the affected application.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33168

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Adobe ColdFusion 8.0.1 and earlier. The PoC uses a crafted URL to inject malicious JavaScript via the 'filter' parameter in the log viewer, leading to arbitrary script execution in the context of the affected application.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 8.0.1 and earlier

No auth needed

Prerequisites: Access to the ColdFusion administrator log viewer

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33169

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in Adobe ColdFusion by injecting a script tag into the URL, which executes arbitrary JavaScript in the context of the affected application. The vulnerability arises due to insufficient input sanitization in dynamically generated content.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 8.0.1 and earlier

No auth needed

Prerequisites: Access to the target URL · Victim interaction to trigger the payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33167

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in Adobe ColdFusion 8.0.1 and earlier by injecting a script tag into the URL, which executes arbitrary JavaScript in the context of the affected application.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 8.0.1 and earlier

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33170

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in Adobe ColdFusion 8.0.1 and earlier by injecting a script tag into the URL, which executes arbitrary JavaScript in the context of the affected application.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 8.0.1 and earlier

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Adobe Coldfusion <=8.0.1 - Cross-Site Scripting

MEDIUMVERIFIEDby princechaddha,s4e-io

Shodan:

http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"

FOFA: title="coldfusion administrator login" || app="adobe-coldfusion"