Unrated severityNVD Advisory· Published Aug 18, 2009· Updated Jun 16, 2026
CVE-2009-1872
CVE-2009-1872
Description
Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*range: <=8.0.1
- cpe:2.3:a:adobe:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.2:unknown:mx:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:8.1:*:*:*:*:*:*:*
- Range: <=8.0.1
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.