Multiple cross-site scripting vulnerabilities in Adobe ColdFusion - APSB11-29ID: oval:org.secpod.oval:def:9457 | Date: (C)2013-03-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
The host is missing an important security update according to Adobe security bulletin, APSB11-29. The update is required to fix multiple cross-site scripting vulnerabilities. The flaws are present in the RDS and cfform tag components in the application, which fails to properly handle the vectors. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.