By kannthu
The "Adobe ColdFusion - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in Adobe ColdFusion applications. This vulnerability can be exploited by attackers to execute arbitrary scripts on a remote host running the affected application. The severity of this vulnerability is classified as high.
This module was authored by dhiyaneshDK.
A successful exploitation of the cross-site scripting vulnerability in Adobe ColdFusion can lead to various consequences, including:
- Execution of arbitrary scripts on the affected host
- Potential theft of sensitive information
- Manipulation of user sessions
- Defacement of web pages

The "Adobe ColdFusion - Cross-Site Scripting" module works by sending HTTP requests to specific paths in the target application. It then applies matching conditions to determine if the vulnerability is present. One example of a request path that is checked is "/CFIDE/debug/cf_debugFr.cfm?userPage=javascript:alert(1)".
The module uses the following matching conditions to identify the vulnerability:
- Check if the response body contains the string "<"cf_main_cf" src="javascript:alert(1)">"
- Check if the response header contains the string "text/html"
- Check if the response status code is 200
If all of these conditions are met, the module reports the presence of the cross-site scripting vulnerability.
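
Defenders can look for the same probe in their own web server access logs. The sketch below is an added example, not part of the module or of Vidoc: the function names, the combined log format and the sample lines are constructed for illustration, and it assumes the server treats the path case-insensitively.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path checked by the module, lower-cased (assumption: case-insensitive server).
PROBE_PATH = "/cfide/debug/cf_debugfr.cfm"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# URL schemes that should never appear in a page/frame parameter.
BAD_SCHEME_RE = re.compile(r"^(javascript|vbscript|data):", re.I)


def normalize(value, rounds=3):
    """Undo nested percent-encoding and drop whitespace/control characters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\x00-\x20]", "", value)


def suspicious_requests(log_lines):
    """Return (line_number, status, userPage value) for each matching request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, status = match.group(1), int(match.group(2))
        url = urlsplit(target)
        if unquote(url.path).lower() != PROBE_PATH:
            continue
        params = {k.lower(): v for k, v in parse_qs(url.query).items()}
        for value in params.get("userpage", []):
            cleaned = normalize(value)
            if BAD_SCHEME_RE.match(cleaned):
                hits.append((number, status, cleaned))
    return hits


# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /CFIDE/debug/cf_debugFr.cfm?userPage=javascript:alert(1) HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cfide/debug/cf_debugfr.cfm?userPage=%256Aavascript%253Aalert(1) HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /CFIDE/debug/cf_debugFr.cfm?userPage=/app/index.cfm HTTP/1.1" 200 800',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.cfm?userPage=javascript:alert(1) HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(suspicious_requests(SAMPLE_LOG))
```

A hit logged with status 200 corresponds to the module's status-code condition and is the one to triage first; other statuses indicate the path was probed but the debug page was not served.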