Adobe ColdFusion is an application for developing Web sites.
Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue that could be used in reflected cross-site scripting (XSS) attacks (CVE-2017-3008). They also include an updated version of Apache BlazeDS to mitigate a Java deserialization vulnerability (CVE-2017-3066).
Affected versions:
ColdFusion (2016 release) Update 3 and earlier versions
ColdFusion 11 Update 11 and earlier versions
ColdFusion 10 Update 22 and earlier versions
Depending on the vulnerability being exploited, a remote attacker could execute arbitrary code or conduct cross-site scripting attacks against a targeted server.