Stored XSS Vulnerability in Adobe ColdFusion Products
CVE-2026-47933

4.8MEDIUM

Key Information:

Vendor

Adobe

Vendor
CVE Published:
9 June 2026

What is CVE-2026-47933?

Adobe ColdFusion versions 2023.19, 2025.8, and earlier are susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows an attacker with low privileges to inject malicious scripts into form fields, leading to the potential execution of harmful JavaScript in the browsers of users who interact with the compromised fields. Consequently, this presents a significant risk as attackers can manipulate the content viewed by users, potentially leading to data theft or session hijacking.

Affected Version(s)

ColdFusion 0 <= 2025.8

References

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.