Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Adobe ColdFusion 安全漏洞

Adobe ColdFusion是美国奥多比（Adobe）公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe ColdFusion 2023.5 版本之前和 2021.11 版本之前存在安全漏洞，该漏洞源于存在反射型跨站脚本 (XSS) 漏洞。

N/A

N/A