- Home
- CVEs with nessus.description==The version of Adobe ColdFusion running on the remote Windows host is 11.x prior to update 13 or 2016.x prior to update 5. It is, therefore, affected by multiple vulnerabilities :
- A Java deserialization flaw exists that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-11283, CVE-2017-11284)
- A reflected cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in user's browser session.
(CVE-2017-11285)
- An unspecified flaw due to improper restriction of XML External Entity Reference. (CVE-2017-11286)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top