CVE-2023-44352 MEDIUM

CVE-2023-44352: Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version

Vendor Adobe

Product ColdFusion

Weakness CWE-79 · XSS

Published November 17, 2023

Last update October 29, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

November 17, 2023 CVE published

October 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-44352

Related vulnerabilities

04Related CVE

CVE-2021-25982 FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality CVE-2024-51496 LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php CVE-2024-0871 Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget CVE-2025-2610 MagnusBilling Stored Cross-Site Scripting in Alarm Module CVE-2024-52484 WordPress Wc Recently viewed products plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability