CVE-2023-44352
Published 2023-11-17
Priority P279 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 84.81% (99.7th percentile)
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | coldfusion | < 2021 | 2021 |
| adobe | coldfusion | <= 2021.11 | — |
| adobe | coldfusion | — | — |
| adobe | coldfusion | — | — |
Detection & IOCs (extracted from sources)
url: /{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm
- Detect CVE-2023-44352 exploitation by matching the HTTP response body for the reflected XSS payload pattern: the random string followed by an unescaped quote and angle bracket in the action attribute, or the alert(document.domain) payload reflected back.
- Confirm ColdFusion context by checking that the response body contains 'ColdFusion' and the Content-Type header is 'text/html'.
- Use Shodan queries to identify exposed ColdFusion instances as potential targets: search for http.component:"Adobe Coldfusion" or http.title:"coldfusion administrator login".
- Use FOFA queries to identify exposed ColdFusion instances: title="coldfusion administrator login" or app="adobe-coldfusion".
- The Nuclei template uses a random 8-character base string ({{rand_base(8)}}) as part of the payload to avoid false positives; static signatures must account for variable path prefixes.
- Affected versions are ColdFusion 2023.5 and earlier, and 2021.11 and earlier; instances patched to 2023.6 or 2021.12+ are not vulnerable.
CVSS provenance
NVD (v3.1): 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheck: 6.1 MEDIUM
GHSA
GHSA-fxvx-4hxp-c4wv: Adobe ColdFusion versions 2023
GHSA (unreviewed) · 2023-11-17 · CVE-2023-44352 [MEDIUM] · CWE-79
VulnCheck
Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
VulnCheck · 2023 · CVE-2023-44352 [MEDIUM] · CVSS 6.1
Affected: Adobe ColdFusion
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.labs.greynoise.io/grimoire/2025-12-26-coldfusion/
No detection rules found.
Nuclei
Adobe Coldfusion - Cross-Site Scripting
Nuclei · CVE-2023-44352 [MEDIUM] · CVSS 6.1
Template:

```yaml
id: CVE-2023-44352

info:
  name: Adobe Coldfusion - Cross-Site Scripting
  author: pwnwithlove
  severity: medium
  description: |
    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be e
```