ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2022-05-12T19:15:49.367
2024-11-21T06:57:59.480
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | coldfusion | < 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2018 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |