Lucene search
K

80 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-29519

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42906

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
CVE
CVE
added 4 days ago12 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.5 views

CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS6.4AI score0.00311EPSS
Exploits0References1
Snyk
Snyk
added 2025/12/15 9:44 p.m.3 views

Cross-site Scripting (XSS)

Overview org.lucee:core is a coer build of Lucee Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin interface parameters. An attacker can execute arbitrary JavaScript in a victim's browser session by injecting malicious scripts through crafted requests to...

4.8CVSS5.4AI score0.00311EPSS
Exploits0References2
NVD
NVD
added 2025/12/15 9:15 p.m.4 views

CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS0.00311EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.2 views

CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS6AI score0.00311EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.23 views

CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

4.8CVSS0.00311EPSS
Exploits0References3
CVE
CVE
added 2025/12/15 8:28 p.m.7 views

CVE-2023-53880

CVE-2023-53880 affects Lucee 5.4.2.17, with an authenticated reflected cross-site scripting vulnerability in administrative interface parameters. The vulnerability allows an attacker to craft payloads targeting admin pages such as server.cfm and web.cfm to inject and execute arbitrary JavaScript ...

4.8CVSS6AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51298

Name of the Vulnerable Software and Affected Versions Lucee version 5.4.2.17 Description An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted...

4.8CVSS5.9AI score0.00311EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.6 views

Lucee 跨站脚本漏洞

Lucee is a high performance open source CFML server written in Java by Lucee Open Source. A cross-site scripting vulnerability exists in Lucee version 5.4.2.17, which stems from the presence of reflective cross-site scripting in the management interface parameters, which could lead to the injecti...

4.8CVSS6.3AI score0.00311EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.6 views

Lucee < 6.0.1.59 Remote Code Execution

Lucee versions prior to 6.0.1.59 are vulnerable to Remote Code Execution RCE via crafted cookies. An attacker can exploit this vulnerability by sending a specially crafted cookie to the server, which can lead to arbitrary code execution on the server hosting the Lucee application. No source data...

8.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.10 views

Lucee 5.4.x < 5.4.3.2 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

9.8CVSS7.5AI score0.0076EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.6 views

Lucee < 5.3.12.1 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

9.8CVSS7.5AI score0.0076EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.5 views

Lucee Unset Credentials

Lucee web application server may be configured with no credentials. If an attacker setup the default accounts, they could gain unauthorized access to the application and perform arbitrary actions on it. No source data...

7.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.15 views

Lucee Default Credentials

Lucee web application server may be configured with default or predictable credentials for its accounts. If an attacker can guess the credentials, they may be able to gain unauthorized access to the application and perform arbitrary actions on it. No source data...

7.3AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.8 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-42476

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0076EPSS
Exploits0References2
Rows per page
Query Builder