What are the security issues related to CVE-2009-1872?

CVE-2009-1872 involves multiple cross-site scripting vulnerabilities in Adobe ColdFusion that allow remote attackers to inject arbitrary web scripts or HTML.

Which versions of Adobe ColdFusion are affected by CVE-2009-1872?

CVE-2009-1872 affects Adobe ColdFusion versions 6.0, 6.1, 7.0, 7.0.1, 7.0.2, and 8.0.1.

How can I mitigate the risks associated with CVE-2009-1872?

To mitigate CVE-2009-1872, users should upgrade to the latest version of Adobe ColdFusion that addresses these vulnerabilities.

What is the impact of exploiting CVE-2009-1872?

Exploiting CVE-2009-1872 can allow attackers to execute scripts in the context of the user’s browser, potentially leading to data theft or session hijacking.

Is there a patch available for CVE-2009-1872?

Yes, Adobe has released security updates that patch CVE-2009-1872, thus it is recommended to apply these updates immediately.

Vulnerability/
CVE-2009-1872

medium

4.3

CWE

18/8/2009

10/10/2018

CVE-2009-1872: XSS

First published: Tue Aug 18 2009(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Adobe ColdFusion	=6.0
Adobe ColdFusion	=6.1
Adobe ColdFusion	=6.0
Adobe ColdFusion	=7.0.2
Adobe ColdFusion	=7.0
Adobe ColdFusion	=6.1
Adobe ColdFusion	=8.0
Adobe ColdFusion	=7.0
Adobe ColdFusion	=6.0
Adobe ColdFusion	=7.0
Adobe ColdFusion	=6.0
Adobe ColdFusion	=7.0
Adobe ColdFusion	=7.2-unknown
Adobe ColdFusion	=6.1
Adobe ColdFusion	<=8.0.1
Adobe ColdFusion	=7.0.1
Adobe ColdFusion	=6.1
Adobe ColdFusion	=7.0
Adobe ColdFusion	=6.1
Adobe ColdFusion	=8.1
Adobe ColdFusion	=6.0

Remedy

http://www.adobe.com/support/security/bulletins/apsb09-12.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What are the security issues related to CVE-2009-1872?
CVE-2009-1872 involves multiple cross-site scripting vulnerabilities in Adobe ColdFusion that allow remote attackers to inject arbitrary web scripts or HTML.
Which versions of Adobe ColdFusion are affected by CVE-2009-1872?
CVE-2009-1872 affects Adobe ColdFusion versions 6.0, 6.1, 7.0, 7.0.1, 7.0.2, and 8.0.1.
How can I mitigate the risks associated with CVE-2009-1872?
To mitigate CVE-2009-1872, users should upgrade to the latest version of Adobe ColdFusion that addresses these vulnerabilities.
What is the impact of exploiting CVE-2009-1872?
Exploiting CVE-2009-1872 can allow attackers to execute scripts in the context of the user’s browser, potentially leading to data theft or session hijacking.
Is there a patch available for CVE-2009-1872?
Yes, Adobe has released security updates that patch CVE-2009-1872, thus it is recommended to apply these updates immediately.

agent/weakness
agent/severity
agent/references
agent/author
agent/type
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/adobe
canonical/adobe coldfusion
version/adobe coldfusion/6.0
version/adobe coldfusion/6.1
version/adobe coldfusion/7.0.2
version/adobe coldfusion/7.0
version/adobe coldfusion/8.0
version/adobe coldfusion/7.2-unknown
version/adobe coldfusion/8.0.1
version/adobe coldfusion/7.0.1
version/adobe coldfusion/8.1