CVE-2023-53880

MEDIUM

Lucee 5.4.2.17 - Authenticated Reflected Cross-Site Scripting via Admin Interface Parameters

Title source: LLM-generated (not the CNA's title)

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53880, a PoC published by Yehia Elghaly.

AI-analyzed exploit summary: This exploit demonstrates an authenticated reflected XSS vulnerability in Lucee 5.4.2.17. The attacker can craft a malicious URL or POST request to execute arbitrary JavaScript in the context of a victim's session.

Description

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject scripts through administrative interface parameters. Attackers can craft payloads targeting admin pages such as server.cfm and web.cfm that execute arbitrary JavaScript in victims' browser sessions. Because the reflection occurs on administrator pages, the victim must be an administrator with an active session who follows the crafted link or submits the crafted request, which is why the CVSS vector carries PR:L and UI:A.
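As an added example (not part of this advisory, the Exploit-DB entry, or Lucee's own code), the following detection pass scans web-server access logs for script-injection attempts in query parameters sent to the two admin pages named above. The /lucee/admin/ prefix, the log lines and the parameter names are constructed assumptions; the advisory does not name the vulnerable parameters, so the matcher inspects every parameter rather than a fixed one. It also shows the limitation a responder should expect: a payload delivered in a POST body, which the advisory says is possible, never appears in an access log, so the POST line in the sample is not flagged.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Admin pages named in the advisory. The /lucee/admin/ prefix is the default
# mount point of the Lucee administrator; treat it as an assumption and adjust
# it if your deployment serves the admin under a different path.
ADMIN_PAGES = ("/lucee/admin/server.cfm", "/lucee/admin/web.cfm")

# Indicators of a script-injection attempt in a parameter value. They are
# deliberately broad: they flag attempts, not confirmed exploitation.
XSS_PATTERNS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"<\s*/?\s*(svg|img|iframe|body|object|embed)\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),      # onerror=, onmouseover=, ...
    re.compile(r"javascript\s*:", re.I),
]

# Combined-format access log: ip ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)

# Constructed sample log (not real traffic). Parameter names are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Jan/2026:10:01:02 +0000] "GET /lucee/admin/server.cfm?action=overview HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [12/Jan/2026:10:03:15 +0000] "GET /lucee/admin/web.cfm?action=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 4870',
    '10.0.0.9 - admin [12/Jan/2026:10:03:40 +0000] "GET /lucee/admin/server.cfm?action=x%2522%2520onmouseover%253Dalert(1)%2520 HTTP/1.1" 200 4870',
    '10.0.0.9 - admin [12/Jan/2026:10:04:01 +0000] "GET /index.cfm?q=%3Cscript%3E HTTP/1.1" 200 300',
    '10.0.0.9 - admin [12/Jan/2026:10:04:30 +0000] "POST /lucee/admin/web.cfm HTTP/1.1" 200 4870',
]


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads (%253C -> %3C -> <) are caught."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def inspect_line(line):
    """Return a finding for a suspicious request to a Lucee admin page, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.lower() not in ADMIN_PAGES:
        return None
    hits = []
    # parse_qsl already decodes one layer; decode_fully handles the rest.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode_fully(raw)
        if any(p.search(value) for p in XSS_PATTERNS):
            hits.append((name, value))
    if not hits:
        return None
    return {
        "ip": m.group("ip"), "user": m.group("user"), "method": m.group("method"),
        "page": parts.path, "status": int(m.group("status")), "params": hits,
    }


def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the findings."""
    return [f for f in (inspect_line(line) for line in lines) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        name, value = f["params"][0]
        print(f"{f['ip']} {f['method']} {f['page']} param={name!r} value={value!r}")
```

Run against the sample, the two GET requests carrying a script tag and an event-handler attribute are reported; the request to index.cfm is ignored because only the admin pages are in scope, and the POST to web.cfm produces nothing because its body is not logged. To cover the POST path you need request-body logging at a reverse proxy or WAF, not the access log.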

Exploits (1)

Exploit-DB · Working PoC
by Yehia Elghaly · text/webapps/multiple
https://www.exploit-db.com/exploits/51668

Classification
Working PoC: 90% confidence
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Lucee 5.4.2.17 and earlier
Authentication: required
Prerequisites: Authenticated session · Victim interaction (e.g., clicking a malicious link)
Analysis: devstral-2 · Feb 16, 2026

References (3)

Core References (3)
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/51668
Product
https://www.lucee.org/

Scores

CVSS v4: 4.8 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.0005 (0.05%), percentile 16.6%

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical impact: partial

Details

CWE
CWE-79
Status published
Products (1)
Lucee/Lucee 5.4.2.17
Published Dec 15, 2025
Tracked Since Feb 18, 2026