CVE-2023-53880
Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
Lucee · LuceeQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →