The host is installed with Adobe ColdFusion 11 before Update 7 or 10 before Update 18 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an input validation issue. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.