First published: Fri Nov 17 2023(Updated: )
Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Credit: psirt@adobe.com
Affected Software | Affected Version | How to fix |
---|---|---|
Adobe ColdFusion | <2021 | |
Adobe ColdFusion | =2021 | |
Adobe ColdFusion | =2021-update1 | |
Adobe ColdFusion | =2021-update10 | |
Adobe ColdFusion | =2021-update11 | |
Adobe ColdFusion | =2021-update2 | |
Adobe ColdFusion | =2021-update3 | |
Adobe ColdFusion | =2021-update4 | |
Adobe ColdFusion | =2021-update5 | |
Adobe ColdFusion | =2021-update6 | |
Adobe ColdFusion | =2021-update7 | |
Adobe ColdFusion | =2021-update8 | |
Adobe ColdFusion | =2021-update9 | |
Adobe ColdFusion | =2023 | |
Adobe ColdFusion | =2023-update1 | |
Adobe ColdFusion | =2023-update2 | |
Adobe ColdFusion | =2023-update3 | |
Adobe ColdFusion | =2023-update4 | |
Adobe ColdFusion | =2023-update5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Adobe ColdFusion vulnerability is CVE-2023-44352.
The severity of CVE-2023-44352 is medium.
Adobe ColdFusion versions 2023.5 and earlier, as well as 2021.11 and earlier, are affected by CVE-2023-44352.
CVE-2023-44352 allows an unauthenticated attacker to execute malicious JavaScript on a vulnerable page.
You can find more information about CVE-2023-44352 in the Adobe ColdFusion security bulletin APSB23-52.