Lucene search
AdobeColdfusion2018
2 matches found
CVE-2021-21087
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript ...
5.4CVSS5.7AI score0.84034EPSS
In wild
CVE-2020-10145
The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021. By default, unprivileged users can create files in this directory structure, which creates a privilege-escalation vulnerability.
7.8CVSS7.4AI score0.0007EPSS