CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
adobecoldfusion
𝑥
≤ 8.0.1
adobecoldfusion
6.0
adobecoldfusion
6.0
adobecoldfusion
6.0
adobecoldfusion
6.0
adobecoldfusion
6.0
adobecoldfusion
6.1
adobecoldfusion
6.1
adobecoldfusion
6.1
adobecoldfusion
6.1
adobecoldfusion
6.1
adobecoldfusion
7.0
adobecoldfusion
7.0
adobecoldfusion
7.0
adobecoldfusion
7.0
adobecoldfusion
7.0
adobecoldfusion
7.0.1
adobecoldfusion
7.0.2
adobecoldfusion
7.2:unknown
adobecoldfusion
8.0
adobecoldfusion
8.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/57182
http://osvdb.org/57183
http://osvdb.org/57184
http://osvdb.org/57185
http://www.adobe.com/support/security/bulletins/apsb09-12.html
http://www.dsecrg.com/pages/vul/show.php?id=122
http://www.securityfocus.com/archive/1/505803/100/0/threaded
http://osvdb.org/57182
http://osvdb.org/57183
http://osvdb.org/57184
http://osvdb.org/57185
http://www.adobe.com/support/security/bulletins/apsb09-12.html
http://www.dsecrg.com/pages/vul/show.php?id=122
http://www.securityfocus.com/archive/1/505803/100/0/threaded