CVE-2010-1293

Adobe ColdFusion <9.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Vendor Advisory] http://secunia.com/advisories/39790

[Patch, Vendor Advisory] http://www.adobe.com/support/security/bulletins/apsb10-11.html

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2010/1127

Scores

EPSS 0.0082

EPSS Percentile 74.1%

Classification

CWE

CWE-79

Status published

Affected Products (12)

adobe/coldfusion < 9.0

adobe/coldfusion

n/a/n/a

Timeline

Published May 13, 2010

Tracked Since Feb 18, 2026