CVE-2022-28818 ColdFusion Reflected Cross-Site Scripting could lead to Arbitrary Code Execution

🗓️ 12 May 2022 18:59:12Reported by adobeType

ColdFusion XSS vulnerability in versions CF2021U3 and earlier, CF2018U1

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2022-28818	10 May 202223:00	–	attackerkb
Adobe	APSB22-22 : Security update available for Adobe ColdFusion	10 May 202200:00	–	adobe
Circl	CVE-2022-28818	12 May 202222:36	–	circl
CNNVD	Adobe ColdFusion 跨站脚本漏洞	10 May 202200:00	–	cnnvd
Tenable Nessus	Adobe ColdFusion 2018.x < 2018 Update 14 / 2021.x < 2021 Update 4 XSS (APSB22-22)	13 May 202200:00	–	nessus
Check Point Advisories	Adobe ColdFusion Cross-site Scripting (APSB22-22: CVE-2022-28818)	10 May 202200:00	–	checkpoint_advisories
CVE	CVE-2022-28818	12 May 202218:59	–	cve
EUVD	EUVD-2022-33256	3 Oct 202520:07	–	euvd
NVD	CVE-2022-28818	12 May 202219:15	–	nvd
Prion	Cross site scripting	12 May 202219:15	–	prion

[
  {
    "product": "ColdFusion",
    "vendor": "Adobe",
    "versions": [
      {
        "lessThanOrEqual": "CF2021U3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "CF2018U13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "None",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
helpx	www.helpx.adobe.com/security/products/coldfusion/apsb22-22.html

12 May 2022 18:59Current

5.9Medium risk

Vulners AI Score5.9

CVSS 36.1

EPSS0.00501

CWE-79