Lucene search

75 matches found

RedhatCVE
added 2025/12/16 8:44 p.m. | 2 views

CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

CVSS 4.8 | AI score 6.4 | EPSS 0.00051
Exploits 0 | References 1
Snyk
added 2025/12/15 9:44 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.lucee:core is a core build of Lucee. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the admin interface parameters. An attacker can execute arbitrary JavaScript in a victim's browser session by injecting malicious scripts through crafted requests to...

CVSS 4.8 | AI score 5.4 | EPSS 0.00051
Exploits 0 | References 2
NVD
added 2025/12/15 9:15 p.m. | 1 views

CVE-2023-53880

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

CVSS 4.8 | EPSS 0.00051
Exploits 0 | References 3
Vulnrichment
added 2025/12/15 8:28 p.m. | 1 views

CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

CVSS 4.8 | AI score 6 | EPSS 0.00051
Exploits 0 | References 3
CVE
added 2025/12/15 8:28 p.m. | 3 views

CVE-2023-53880

CVE-2023-53880 affects Lucee 5.4.2.17, with an authenticated reflected cross-site scripting vulnerability in administrative interface parameters. The vulnerability allows an attacker to craft payloads targeting admin pages such as server.cfm and web.cfm to inject and execute arbitrary JavaScript ...

CVSS 4.8 | AI score 6 | EPSS 0.00051
Exploits 0 | References 3
Cvelist
added 2025/12/15 8:28 p.m. | 19 views

CVE-2023-53880 Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScri...

CVSS 4.8 | EPSS 0.00051
Exploits 0 | References 3
CNNVD
added 2025/12/15 12:0 a.m. | 2 views

Lucee Cross-Site Scripting Vulnerability

Lucee is a high performance open source CFML server written in Java by Lucee Open Source. A cross-site scripting vulnerability exists in Lucee version 5.4.2.17, which stems from the presence of reflective cross-site scripting in the management interface parameters, which could lead to the injecti...

CVSS 4.8 | AI score 6.3 | EPSS 0.00051
Exploits 0 | References 4
Positive Technologies
added 2025/12/15 12:0 a.m. | 5 views

PT-2025-51298

Name of the Vulnerable Software and Affected Versions: Lucee version 5.4.2.17. Description: An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted...

CVSS 4.8 | AI score 5.9 | EPSS 0.00051
Exploits 0 | References 6
Tenable Nessus
added 2025/11/17 12:0 a.m. | 2 views

Lucee < 5.3.12.1 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS 9.8 | AI score 7.5 | EPSS 0.00216
Exploits 0 | References 3
Tenable Nessus
added 2025/11/17 12:0 a.m. | 5 views

Lucee 5.4.x < 5.4.3.2 Remote Code Execution

According to its self-reported version number, Lodash is prior to 5.3.12.1 or 5.4.x prior to 5.4.3.2. It is, therefore, affected by a Remote Code Execution via an XML XXE attack in the Lucee REST endpoint. Note that the scanner has not tested for these issues but has instead relied only on the...

CVSS 9.8 | AI score 7.5 | EPSS 0.00216
Exploits 0 | References 3
Tenable Nessus
added 2025/11/17 12:0 a.m. | 3 views

Lucee < 6.0.1.59 Remote Code Execution

Lucee versions prior to 6.0.1.59 are vulnerable to Remote Code Execution (RCE) via crafted cookies. An attacker can exploit this vulnerability by sending a specially crafted cookie to the server, which can lead to arbitrary code execution on the server hosting the Lucee application. No source data...

AI score 8.2
Exploits 0 | References 1
Tenable Nessus
added 2025/11/10 12:0 a.m. | 2 views

Lucee Unset Credentials

Lucee web application server may be configured with no credentials. If an attacker sets up the default accounts, they could gain unauthorized access to the application and perform arbitrary actions on it. No source data...

AI score 7.1
Exploits 0 | References 4
Tenable Nessus
added 2025/11/10 12:0 a.m. | 3 views

Lucee Administration Panel Login Form Detected

Lucee Administration Panel has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative functionality. No sour...

AI score 7
Exploits 0
Tenable Nessus
added 2025/11/10 12:0 a.m. | 3 views

Lucee Default Credentials

Lucee web application server may be configured with default or predictable credentials for its accounts. If an attacker can guess the credentials, they may be able to gain unauthorized access to the application and perform arbitrary actions on it. No source data...

AI score 7.3
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-42476

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.00216
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-54395

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.3 | EPSS 0.00132
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-19755

Malicious code in bioql PyPI...

CVSS 9.4 | AI score 6.3 | EPSS 0.76301
Exploits 1 | References 3
Packet Storm
added 2025/07/29 12:0 a.m. | 83 views

Adobe ColdFusion 2023.6 Remote File Read

Adobe ColdFusion version 2023.6 suffers from a remote file read vulnerability. Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767...

CVSS 7.4 | AI score 7.3 | EPSS 0.94093
Exploits 7
RedhatCVE
added 2025/07/04 8:27 p.m. | 9 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

CVSS 9.4 | AI score 7.5 | EPSS 0.76301
Exploits 1 | References 1
OSV
added 2025/07/02 8:15 p.m. | 0 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

CVSS 9.4 | AI score 6.6
Exploits 0 | References 3