CVE-2013-5326Cross-site Scripting in Adobe Coldfusion

CWE-79Cross-site Scripting4 documents4 sources
Severity
3.5LOWNVD
EPSS
0.5%
top 34.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Coldfusion
Timeline
PublishedNov 13
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

NVDadobe/coldfusion10.0+4

🔴Vulnerability Details

3
GHSA
GHSA-4qx5-cvc6-qgr8: Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 92022-05-13
CVEList
CVE-2013-5326: Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 92013-11-13
VulnCheck
Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2013
CVE-2013-5326 — Cross-site Scripting in Adobe | cvebase