U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:adobe:coldfusion:7.2:unknown:mx:*:*:*:*:*
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2010-1294

Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.

Published: May 13, 2010; 1:30:02 PM -0400 		V3.x:(not available)
 V2.0: 2.1 LOW
CVE-2010-1293

Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: May 13, 2010; 1:30:02 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-3467

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Published: May 13, 2010; 1:30:01 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-1878

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Published: August 18, 2009; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2009-1877

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

Published: August 18, 2009; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-1876

Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability."

Published: August 18, 2009; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2009-1875

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

Published: August 18, 2009; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2009-1872

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

Published: August 18, 2009; 6:30:00 PM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2008-4831

Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ColdFusion MX 7.0.2 allows local users to bypass sandbox restrictions, and obtain sensitive information or possibly gain privileges, via unknown vectors.

Published: November 10, 2008; 9:12:55 AM -0500 		V3.x:(not available)
 V2.0: 7.2 HIGH