Adobe ColdFusion CVE-2019-7092 Unspecified Cross Site Scripting Vulnerability
BID:106965
| Bugtraq ID: | 106965 |
| Class: | Input Validation Error |
| CVE: | CVE-2019-7092 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Pete Freitag from Foundeo Inc |
| Vulnerable: | Adobe ColdFusion 2018.0 Update 1; Adobe ColdFusion 2016.0 Update 7; Adobe ColdFusion 2016.0 Update 6; Adobe ColdFusion 2016.0 Update 5; Adobe ColdFusion 2016.0 Update 4; Adobe ColdFusion 2016.0 Update 3; Adobe ColdFusion 2016.0 Update 2; Adobe ColdFusion 2016.0 Update 1; Adobe ColdFusion 2016.0; Adobe ColdFusion 11 Update 9; Adobe ColdFusion 11 Update 8; Adobe ColdFusion 11 Update 7; Adobe ColdFusion 11 Update 6; Adobe ColdFusion 11 Update 5; Adobe ColdFusion 11 Update 4; Adobe ColdFusion 11 Update 3; Adobe ColdFusion 11 Update 2; Adobe ColdFusion 11 Update 15; Adobe ColdFusion 11 Update 14; Adobe ColdFusion 11 Update 13; Adobe ColdFusion 11 Update 12; Adobe ColdFusion 11 Update 11; Adobe ColdFusion 11 Update 10; Adobe ColdFusion 11 Update 1; Adobe ColdFusion 11 |
| Not Vulnerable: | Adobe ColdFusion 2018.0 Update 2; Adobe ColdFusion 2016.0 Update 8; Adobe ColdFusion 11 Update 16 |
Discussion
Adobe ColdFusion is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The following versions are affected:
- ColdFusion 2018 Update 1 and prior versions.
- ColdFusion 2016 Update 7 and prior versions.
- ColdFusion 11 Update 15 and prior versions.
Exploit / POC
To exploit this issue an attacker must entice a victim into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Adobe ColdFusion Homepage (Adobe)
- Adobe Homepage (Adobe)
- APSB19-10: Security updates available for ColdFusion (Adobe)