Adobe ColdFusion Cross-Site Scripting Vulnerability (CVE-2016-1113) (APSB16-16)
Adobe ColdFusion Cross-Site Scripting Vulnerability (CVE-2016-1113) (APSB16-16)
Release date:
Updated on:
Affected Systems:
Adobe ColdFusion & lt; 2016 Update 1
Adobe ColdFusion <11 Update 8
Adobe ColdFusion <10 Update 19
Description:
CVE (CAN) ID: CVE-2016-1113
Adobe ColdFusion is a dynamic Web server.
Adobe ColdFusion 10 versions earlier than Update 19, 11 versions earlier than Update 8, and 2016 versions earlier than Update 1 have the cross-site scripting vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML.
<* Source: Andrew Bonstrom
Link: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
*>
Suggestion:
Vendor patch:
Adobe
-----
Adobe has released a Security Bulletin (APSB16-16) and patches for this:
APSB16-16: Hotfixes available for ColdFusion
Link: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
This article permanently updates the link address: