CVE-2021-21087

high-risk
Published 2021-04-15

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

Do I need to act?

!
84.2% chance of exploitation in next 30 days
EPSS score — higher than 16% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Adobe

References (2)

Patch https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
Patch https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
63
/ 100
high-risk
Severity 21/34 · High
Exploitability 20/34 · Moderate
Exposure 22/34 · High