CVE-2021-21087

EPSS 81.79%
Veröffentlicht 15.04.2021 14:15:16
Zuletzt bearbeitet 21.11.2024 05:47:32
Quelle psirt@adobe.com
CVE-Watchlists
Login
Unerledigt
Login

Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Coldfusion Version2016 Update-

Adobe ≫ Coldfusion Version2016 Updateupdate1

Adobe ≫ Coldfusion Version2016 Updateupdate10

Adobe ≫ Coldfusion Version2016 Updateupdate11

Adobe ≫ Coldfusion Version2016 Updateupdate12

Adobe ≫ Coldfusion Version2016 Updateupdate13

Adobe ≫ Coldfusion Version2016 Updateupdate14

Adobe ≫ Coldfusion Version2016 Updateupdate15

Adobe ≫ Coldfusion Version2016 Updateupdate16

Adobe ≫ Coldfusion Version2016 Updateupdate2

Adobe ≫ Coldfusion Version2016 Updateupdate3

Adobe ≫ Coldfusion Version2016 Updateupdate4

Adobe ≫ Coldfusion Version2016 Updateupdate5

Adobe ≫ Coldfusion Version2016 Updateupdate6

Adobe ≫ Coldfusion Version2016 Updateupdate7

Adobe ≫ Coldfusion Version2016 Updateupdate8

Adobe ≫ Coldfusion Version2016 Updateupdate9

Adobe ≫ Coldfusion Version2018 Update-

Adobe ≫ Coldfusion Version2018 Updateupdate1

Adobe ≫ Coldfusion Version2018 Updateupdate10

Adobe ≫ Coldfusion Version2018 Updateupdate2

Adobe ≫ Coldfusion Version2018 Updateupdate3

Adobe ≫ Coldfusion Version2018 Updateupdate4

Adobe ≫ Coldfusion Version2018 Updateupdate5

Adobe ≫ Coldfusion Version2018 Updateupdate6

Adobe ≫ Coldfusion Version2018 Updateupdate7

Adobe ≫ Coldfusion Version2018 Updateupdate8

Adobe ≫ Coldfusion Version2018 Updateupdate9

Adobe ≫ Coldfusion Version2021.0.0.323925

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.79%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
psirt@adobe.com	5.4	2.3	2.7	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21087

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21087

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21087

EUVD