Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-17	CVE-2023-44352	Cross-site Scripting vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. network low complexity adobe CWE-79	6.1
2023-11-17	CVE-2023-44355	Improper Input Validation vulnerability in Adobe Coldfusion Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. network low complexity adobe CWE-20	4.3
2023-09-14	CVE-2023-38206	Unspecified vulnerability in Adobe Coldfusion 2018/2021/2023 Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. network low complexity adobe	5.3
2022-10-14	CVE-2022-38423	Path Traversal vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. network low complexity adobe CWE-22	4.9
2022-05-12	CVE-2022-28818	Cross-site Scripting vulnerability in Adobe Coldfusion ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. network low complexity adobe CWE-79	6.1
2021-04-15	CVE-2021-21087	Cross-site Scripting vulnerability in Adobe Coldfusion 2016/2018/2021.0.0.323925 Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. network low complexity adobe CWE-79	5.4
2020-07-17	CVE-2020-9673	Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. local adobe CWE-426	4.4
2020-07-17	CVE-2020-9672	Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. local adobe CWE-426	4.4
2020-06-26	CVE-2020-3796	Information Exposure vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. network adobe CWE-200	4.3
2020-06-26	CVE-2020-3768	Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. local adobe CWE-426	4.4