Yesterday (12th November 2013) a new hotfix was released with security updates applicable to ColdFusion versions 10, 9.0.2, 9.0.1 and 9 for Windows, Mac and Linux.
To quote the official bulletin, "this hotfix addresses a reflected cross site scripting vulnerability that could be exploited by a remote, authenticated user on ColdFusion 10 and earlier when the CFIDE directory is exposed. "
If your ColdFusion 10 server is behind a firewall or you are unable to access / use the automatic update feature there are instructions on how to implement the update manually here: http://blogs.coldfusion.com/post.cfm/coldfusion-hotfix-installation-guide . Look for the section titled "What can be done if the ColdFusion server is behind the firewall and can't access the Adobe's Update site URL?"
I would also strongly recommend reading the ColdFusion server lockdown guides: