CVE-2021-21087

MEDIUM EXPLOITED NUCLEI

Adobe ColdFusion <2021.0.0.323925 - XSS

Title source: llm

Description

Adobe ColdFusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in the context of the current user. Exploitation of this issue requires user interaction.

Nuclei Templates (1)

Adobe ColdFusion - Cross-Site Scripting
MEDIUM by Daviey
Shodan: http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"
FOFA: title="coldfusion administrator login" || app="adobe-coldfusion"

Scores

CVSS v3 5.4
EPSS 0.8420
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2023-11-13
CWE CWE-79
Status published
Products (3)
adobe/coldfusion 2016 (17 CPE variants)
adobe/coldfusion 2018 (11 CPE variants)
adobe/coldfusion 2021.0.0.323925
Published Apr 15, 2021
Tracked Since Feb 18, 2026