CVE-2023-53880

Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

CVSS 4.8 MEDIUMEPSS 0.3%CWE-79

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

Lucee · Lucee

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/51668 https://www.lucee.org/https://www.vulncheck.com/advisories/lucee-authenticated-reflected-cross-site-scripting-via-admin-interfaces