CVE-2021-21087

MEDIUM EXPLOITED NUCLEI

Adobe ColdFusion <2021.0.0.323925 - XSS


Exploitation Summary

CVE-2021-21087 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Adobe ColdFusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in the context of the current user. Exploitation of this issue requires user interaction.

Nuclei Templates (1)

Adobe ColdFusion - Cross-Site Scripting
MEDIUM, by Daviey
Shodan: http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"
FOFA: title="coldfusion administrator login" || app="adobe-coldfusion"


Scores

CVSS v3 5.4
EPSS 0.3710
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2023-11-13
CWE CWE-79
Status published
Products (3)
adobe/coldfusion 2016 (17 CPE variants)
adobe/coldfusion 2018 (11 CPE variants)
adobe/coldfusion 2021.0.0.323925
Published Apr 15, 2021
Tracked Since Feb 18, 2026