Medium severity6.1NVD Advisory· Published Dec 1, 2017· Updated May 13, 2026
CVE-2017-11285
CVE-2017-11285
Description
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
Affected products
18cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update1:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update10:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update11:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update12:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update2:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update3:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update4:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update5:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update6:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update7:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update8:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:11.0:update9:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:-:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update1:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update2:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update3:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:2016:update4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- helpx.adobe.com/security/products/coldfusion/apsb17-30.htmlnvdMitigationPatchVendor Advisory
- www.securityfocus.com/bid/100711nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039321nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.