CVE-2022-28818 MEDIUM

CVE-2022-28818: ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution

Vendor Adobe
Product ColdFusion
Weakness CWE-79 · XSS
Published May 12, 2022
Last update September 16, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

May 12, 2022 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE