Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2023-11-17T14:15:21.693
2024-11-21T08:25:44.270
Modified
CVSSv3.1: 6.1 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | adobe | coldfusion | < 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2021 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |
| Application | adobe | coldfusion | 2023 | Yes |