Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version
CVE-2023-44352

6.1MEDIUM

Key Information:

Vendor: Adobe
Status: Coldfusion
Vendor: CVE Published:; 17 November 2023

Summary

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Affected Version(s)

ColdFusion 0 <= 2021.11

References

https://helpx.adobe.com/security/products/coldfusion/apsb...

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 17, 2023
Vulnerability Reserved
Sep 28, 2023

Collectors

NVD DatabaseMitre Database