Stored XSS Vulnerability in Adobe ColdFusion Products
CVE-2026-47933
4.8MEDIUM
What is CVE-2026-47933?
Adobe ColdFusion versions 2023.19, 2025.8, and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows an attacker with low privileges to inject malicious scripts into form fields, leading to the potential execution of harmful JavaScript in the browsers of users who interact with the compromised fields. Consequently, this presents a significant risk as attackers can manipulate the content viewed by users, potentially leading to data theft or session hijacking.
Affected Version(s)
ColdFusion 0 <= 2025.8