CVE-2019-7092

Name of the Vulnerable Software and Affected Versions ColdFusion versions Update 1 and earlier ColdFusion versions Update 7 and earlier ColdFusion versions Update 15 and earlier

Description The issue is related to the lack of protection of the web page structure in the ColdFusion interpreter. Exploitation of this issue could allow a remote attacker to inject arbitrary web scripts or HTML code, gaining access to protected information, modifying the appearance of the web page, and performing phishing attacks or drive-by-download attacks using specially crafted HTTP requests.

Recommendations For ColdFusion versions Update 1 and earlier, update to a version later than Update 1 to resolve the issue. For ColdFusion versions Update 7 and earlier, update to a version later than Update 7 to resolve the issue. For ColdFusion versions Update 15 and earlier, update to a version later than Update 15 to resolve the issue.