Vulnerabilities > Adobe > Coldfusion > Medium

DATE CVE VULNERABILITY TITLE RISK
2025-04-08 CVE-2025-30291 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass.
local
low complexity
adobe
5.5
2025-04-08 CVE-2025-30292 Cross-site Scripting vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe CWE-79
6.1
2025-04-08 CVE-2025-30293 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.
network
low complexity
adobe
6.8
2025-04-08 CVE-2025-30294 Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass.
network
low complexity
adobe
6.8
2023-11-17 CVE-2023-44352 Unspecified vulnerability in Adobe Coldfusion
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe
6.1
2022-05-12 CVE-2022-28818 Unspecified vulnerability in Adobe Coldfusion
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe
6.1
2021-04-15 CVE-2021-21087 Unspecified vulnerability in Adobe Coldfusion 2016/2018/2021.0.0.323925
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability.
network
low complexity
adobe
5.4
2020-06-26 CVE-2020-3796 Unspecified vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability.
network
low complexity
adobe
6.5
2020-06-26 CVE-2020-3767 Improper Input Validation vulnerability in Adobe Coldfusion 2016/2018
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability.
network
low complexity
adobe CWE-20
6.5
2019-05-24 CVE-2019-7092 Cross-site Scripting vulnerability in Adobe Coldfusion 11.0/2016/2018
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability.
network
low complexity
adobe CWE-79
6.1