Adobe ColdFusion 'cfadminUserId' XSS (APSB10-11)
Severity: Medium
Nessus Plugin ID: 46705

Synopsis
A web application running on the remote host is affected by a cross-site scripting vulnerability.

Description
The version of Adobe ColdFusion running on the remote host is affected by a cross-site scripting vulnerability in the administrative web interface. Input to the 'cfadminUserId' parameter of '/CFIDE/administrator/login.cfm' is not properly sanitized. This vulnerability is present only when the 'Separate user name and password authentication' configuration setting is enabled.

This version of ColdFusion is reportedly affected by additional vulnerabilities, although Nessus has not checked for those issues.

Solution
Apply the hotfix referenced in Adobe's advisory.