CVE-2009-1872

EXPLOITED NUCLEI

Adobe Coldfusion < 8.0.1 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33168

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33169

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33167

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · textwebappscfm

https://www.exploit-db.com/exploits/33170

View Code ZIP pw:eip

Nuclei Templates (1)

Adobe Coldfusion <=8.0.1 - Cross-Site Scripting

MEDIUMVERIFIEDby princechaddha,s4e-io

Shodan:

http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"

FOFA: title="coldfusion administrator login" || app="adobe-coldfusion"