2021.0.0.323925

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

adobe

NVD

Published: 2021-04-15

Updated: 2024-11-21

Summary

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Coldfusion 2018 Adobe Coldfusion 2016 Adobe Coldfusion 2021.0.0.323925	29

References

https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html