SB2016061402 - Cross-Site Scripting in Adobe ColdFusion
Published: June 14, 2016 Updated: February 3, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Cross-Site Scripting in ColdFusion (CVE-ID: CVE-2016-4159)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
A cross-site scripting vulnerability was reported in ColdFusion.
The vulnerability exists due to insufficient sanitization of input data. A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary HTML and script code in the user’s browser in the security context of the vulnerable website.
Exploitation of this vulnerability may allow an attacker to obtain information sensitive to the victim, such as cookies, or to disguise website content.
Remediation
Install the update from the vendor's website.