Unrated severityNVD Advisory· Published Aug 18, 2009· Updated Apr 23, 2026
CVE-2009-1877
CVE-2009-1877
Description
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.
Affected products
22cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*range: <=8.0.1
- cpe:2.3:a:adobe:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.0:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:6.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_multi-server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_server:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:7.2:unknown:mx:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:8.1:*:*:*:*:*:*:*
- (no CPE)range: <= 8.0.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.adobe.com/support/security/bulletins/apsb09-12.htmlnvdPatchVendor Advisory
- osvdb.org/57190nvd
News mentions
0No linked articles in our index yet.