Intrusion Prevention

Adobe.ColdFusion.Searchlog.XSS

Description

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Adobe ColdFusion Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to inject arbitrary web script or HTML.

Affected Products

ColdFusion 8.0.1 and earlier versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site:
http://www.adobe.com/support/security/bulletins/apsb09-12.html