CVE-2021-21087 MEDIUM

CVE-2021-21087: ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser

Vendor Adobe

Product ColdFusion

Weakness CWE-79 · XSS

Published April 15, 2021

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

Description

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

Key dates

Disclosure timeline

April 15, 2021 CVE published

April 23, 2025 Record updated

Identifiers

CVE CVE-2021-21087

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ 2016.16

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ 2018.10

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ 2021.0.0.323925

Vendor Adobe

Product ColdFusion

Affected ≥ unspecified and ≤ None