CVE-2023-53880

MEDIUM

Lucee 5.4.2.17 - XSS

Title source: llm

Description

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in a victim's browser session.

Exploits (1)

exploitdb WORKING POC
by Yehia Elghaly · text · webapps · multiple
https://www.exploit-db.com/exploits/51668

Scores

CVSS v4 4.8
EPSS 0.0008
EPSS Percentile 24.6%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Details

CWE
CWE-79
Status published
Products (1)
Lucee/Lucee 5.4.2.17
Published Dec 15, 2025
Tracked Since Feb 18, 2026