Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-44352Cross-site Scripting in Adobe Coldfusion

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
80.1%
top 0.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Coldfusion
Timeline
PublishedNov 17

Description

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDadobe/coldfusion< 2021+2
CVEListV5adobe/coldfusion2021.11

🔴Vulnerability Details

3
GHSA
GHSA-fxvx-4hxp-c4wv: Adobe ColdFusion versions 20232023-11-17
CVEList
Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version2023-11-17
VulnCheck
Adobe ColdFusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2023

💥Exploits & PoCs

1
Nuclei
Adobe Coldfusion - Cross-Site Scripting
CVE-2023-44352 — Cross-site Scripting in Adobe | cvebase