CVE-2021-21087: XSS
First published: Thu Apr 15 2021(Updated: )
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | =2016 | |
| Adobe ColdFusion | =2016-update1 | |
| Adobe ColdFusion | =2016-update10 | |
| Adobe ColdFusion | =2016-update11 | |
| Adobe ColdFusion | =2016-update12 | |
| Adobe ColdFusion | =2016-update13 | |
| Adobe ColdFusion | =2016-update14 | |
| Adobe ColdFusion | =2016-update15 | |
| Adobe ColdFusion | =2016-update16 | |
| Adobe ColdFusion | =2016-update2 | |
| Adobe ColdFusion | =2016-update3 | |
| Adobe ColdFusion | =2016-update4 | |
| Adobe ColdFusion | =2016-update5 | |
| Adobe ColdFusion | =2016-update6 | |
| Adobe ColdFusion | =2016-update7 | |
| Adobe ColdFusion | =2016-update8 | |
| Adobe ColdFusion | =2016-update9 | |
| Adobe ColdFusion | =2018 | |
| Adobe ColdFusion | =2018-update1 | |
| Adobe ColdFusion | =2018-update10 | |
| Adobe ColdFusion | =2018-update2 | |
| Adobe ColdFusion | =2018-update3 | |
| Adobe ColdFusion | =2018-update4 | |
| Adobe ColdFusion | =2018-update5 | |
| Adobe ColdFusion | =2018-update6 | |
| Adobe ColdFusion | =2018-update7 | |
| Adobe ColdFusion | =2018-update8 | |
| Adobe ColdFusion | =2018-update9 | |
| Adobe ColdFusion | =2021.0.0.323925 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Adobe Coldfusion vulnerability?
The vulnerability ID for this Adobe Coldfusion vulnerability is CVE-2021-21087.
What is the severity of CVE-2021-21087?
The severity of CVE-2021-21087 is medium.
How does CVE-2021-21087 affect Adobe Coldfusion?
CVE-2021-21087 affects Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier), and 2021.0.0.323925.
What is the impact of CVE-2021-21087?
CVE-2021-21087 allows an attacker to execute arbitrary JavaScript code.
Is there a fix available for CVE-2021-21087?
Yes, Adobe has released a security update to address CVE-2021-21087. It is recommended to apply the latest update.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/2016
- version/adobe coldfusion/2016-update1
- version/adobe coldfusion/2016-update10
- version/adobe coldfusion/2016-update11
- version/adobe coldfusion/2016-update12
- version/adobe coldfusion/2016-update13
- version/adobe coldfusion/2016-update14
- version/adobe coldfusion/2016-update15
- version/adobe coldfusion/2016-update16
- version/adobe coldfusion/2016-update2
- version/adobe coldfusion/2016-update3
- version/adobe coldfusion/2016-update4
- version/adobe coldfusion/2016-update5
- version/adobe coldfusion/2016-update6
- version/adobe coldfusion/2016-update7
- version/adobe coldfusion/2016-update8
- version/adobe coldfusion/2016-update9
- version/adobe coldfusion/2018
- version/adobe coldfusion/2018-update1
- version/adobe coldfusion/2018-update10
- version/adobe coldfusion/2018-update2
- version/adobe coldfusion/2018-update3
- version/adobe coldfusion/2018-update4
- version/adobe coldfusion/2018-update5
- version/adobe coldfusion/2018-update6
- version/adobe coldfusion/2018-update7
- version/adobe coldfusion/2018-update8
- version/adobe coldfusion/2018-update9
- version/adobe coldfusion/2021.0.0.323925