An attacker could leverage social engineering or email spoofing to interact with a user and convince them to open the malicious file. CVE Solution: Update to version 3.4.5 of Adobe Dimension. Adobe ColdFusion versions 10.3.3, 10.3.0 and CF10.0 are affected by an XSS
An attacker can inject malicious script code in the page parameter to execute arbitrary script code in the browser of an unsuspecting user through this vulnerability. There is a possibility that an attacker can upload a malicious file on the server via the upload page parameter at /flatpress/admin.php.