CVE-2021-21087
published 2021-04-15CVE-2021-21087: Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input…
PriorityP276medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
37.09%
98.3th percentile
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | unspecified – 2016.16 | — |
Detection & IOCsextracted from sources · hover to see the quote
path/cf_scripts/scripts/ajax/package/cfajax.js
path/cf-scripts/scripts/ajax/package/cfajax.js
path/CFIDE/scripts/ajax/package/cfajax.js
path/cfide/scripts/ajax/package/cfajax.js
path/CF_SFSD/scripts/ajax/package/cfajax.js
path/cfmx/CFIDE/scripts/ajax/package/cfajax.js
- →Use Shodan queries `http.component:"Adobe ColdFusion"`, `http.component:"adobe coldfusion"`, `http.title:"coldfusion administrator login"`, or `cpe:"cpe:2.3:a:adobe:coldfusion"` to identify internet-exposed ColdFusion instances for targeted scanning.
- →Use FOFA queries `title="coldfusion administrator login"` or `app="adobe-coldfusion"` to identify exposed ColdFusion instances.
- →Use Google dork `intitle:"coldfusion administrator login"` to discover publicly accessible ColdFusion admin login pages.
- ·The template uses `stop-at-first-match: true`, meaning only the first successfully matched path among the seven variants will be tested; all path variants should be checked independently for comprehensive coverage.
- ·Exploitation requires user interaction — this is a reflected/stored XSS and cannot be triggered without a victim visiting or interacting with a crafted link or page. ↗
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vulncheck5.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9mx8-9vhh-5qr7: Adobe Coldfusion versions 2016 (update 16 and earlier) and 2018 (update 10 and earlier) are affected by an Improper Neutralization of Directives in Dy
ghsa_unreviewed·2022-05-24
CVE-2021-21087 [MEDIUM] CWE-79 GHSA-9mx8-9vhh-5qr7: Adobe Coldfusion versions 2016 (update 16 and earlier) and 2018 (update 10 and earlier) are affected by an Improper Neutralization of Directives in Dy
Adobe Coldfusion versions 2016 (update 16 and earlier) and 2018 (update 10 and earlier) are affected by an Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) vulnerability. An attacker could abuse this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction.
VulnCheck
Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2021·CVSS 5.4
CVE-2021-21087 [MEDIUM] Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
Affected: Adobe ColdFusion
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_ty
No detection rules found.
Nuclei
Adobe ColdFusion - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2021-21087 [MEDIUM] Adobe ColdFusion - Cross-Site Scripting
Adobe ColdFusion - Cross-Site Scripting
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
Template:
id: CVE-2021-21087
info:
name: Adobe ColdFusion - Cross-Site Scripting
author: Daviey
severity: medium
description: |
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker co
Greynoiseio
NoiseLetter
blogs_greynoiseio
NoiseLetter
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Greynoiseio
GreyNoise Round-Up: Product Updates
blogs_greynoiseio
GreyNoise Round-Up: Product Updates
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2021-04-15
Published
Exploited in the wild