CVE-2021-21087

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-04-2021 04:15

Last modified: - 03-06-2022 03:32

Total changes: - 7

Description

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

Low

Integrity

Low

Privileges required

Changed

Scope

Required

User interaction

5.4

Base score

2.3

2.7

Exploitability score

Impact score

Verification logic

vendor=adobe AND product=coldfusion AND version=2018 AND update=-

vendor=adobe AND product=coldfusion AND version=2016 AND update=-

vendor=adobe AND product=coldfusion AND version=2016 AND update=update1

vendor=adobe AND product=coldfusion AND version=2016 AND update=update10

vendor=adobe AND product=coldfusion AND version=2016 AND update=update11

vendor=adobe AND product=coldfusion AND version=2016 AND update=update12

vendor=adobe AND product=coldfusion AND version=2016 AND update=update13

vendor=adobe AND product=coldfusion AND version=2016 AND update=update14

vendor=adobe AND product=coldfusion AND version=2016 AND update=update15

vendor=adobe AND product=coldfusion AND version=2016 AND update=update2

vendor=adobe AND product=coldfusion AND version=2016 AND update=update16

vendor=adobe AND product=coldfusion AND version=2016 AND update=update3

vendor=adobe AND product=coldfusion AND version=2016 AND update=update4

vendor=adobe AND product=coldfusion AND version=2016 AND update=update5

vendor=adobe AND product=coldfusion AND version=2016 AND update=update6

vendor=adobe AND product=coldfusion AND version=2016 AND update=update7

vendor=adobe AND product=coldfusion AND version=2016 AND update=update8

vendor=adobe AND product=coldfusion AND version=2016 AND update=update9

vendor=adobe AND product=coldfusion AND version=2018 AND update=update1

vendor=adobe AND product=coldfusion AND version=2018 AND update=update10

vendor=adobe AND product=coldfusion AND version=2018 AND update=update2

vendor=adobe AND product=coldfusion AND version=2018 AND update=update3

vendor=adobe AND product=coldfusion AND version=2018 AND update=update4

vendor=adobe AND product=coldfusion AND version=2018 AND update=update5

vendor=adobe AND product=coldfusion AND version=2018 AND update=update6

vendor=adobe AND product=coldfusion AND version=2018 AND update=update7

vendor=adobe AND product=coldfusion AND version=2018 AND update=update8

vendor=adobe AND product=coldfusion AND version=2018 AND update=update9

vendor=adobe AND product=coldfusion AND version=2021.0.0.323925

Reference

https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html

Keywords

CVE-2021-21087

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-21087

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures