Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 5.7
Synopsis
A web application running on the remote host is affected by a cross-site scripting vulnerability.

Description
The version of Adobe ColdFusion running on the remote host is affected by a cross-site scripting vulnerability in the administrative web interface. Input to the 'cfadminUserId' parameter of '/CFIDE/administrator/login.cfm' is not properly sanitized. This vulnerability is present when the 'Separate user name and password authentication' configuration setting is enabled.
This version of ColdFusion is reportedly affected by additional vulnerabilities, although Nessus has not checked for those issues.

Solution
Apply the hotfix referenced in Adobe's advisory.