11.0

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-19	CVE-2018-4941	Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. network low complexity adobe CWE-79	6.1
2018-05-19	CVE-2018-4940	Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. network low complexity adobe CWE-79	6.1
2018-05-19	CVE-2018-4939	Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Deserialization of Untrusted Data vulnerability. network low complexity adobe CWE-502 critical	9.8
2018-05-19	CVE-2018-4938	Uncontrolled Search Path Element vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Insecure Library Loading vulnerability. local low complexity adobe CWE-427	7.8
2017-12-01	CVE-2017-11286	XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. network low complexity adobe CWE-611	7.5
2017-12-01	CVE-2017-11285	Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. network low complexity adobe CWE-79	6.1
2017-12-01	CVE-2017-11284	Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. network low complexity adobe CWE-502 critical	9.8
2017-12-01	CVE-2017-11283	Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. network low complexity adobe CWE-502 critical	9.8
2017-04-27	CVE-2017-3066	Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. network low complexity adobe CWE-502 critical	9.8
2017-04-27	CVE-2017-3008	Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016 Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability. network low complexity adobe CWE-79	6.1