CVE-2022-28818
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | ColdFusion | unspecified <= CF2021U3 | affected |
| Adobe | ColdFusion | unspecified <= CF2018U13 | affected |
| Adobe | ColdFusion | unspecified <= None | affected |
Weaknesses
- CWE-79: Cross-site Scripting (Reflected XSS) (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.