CVE-2021-21087
Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.
| Software | From | Fixed in |
|---|---|---|
| adobe / coldfusion | 2018 | 2018.x |
| adobe / coldfusion | 2016 | 2016.x |
| adobe / coldfusion | 2016-update1 | 2016-update1.x |
| adobe / coldfusion | 2016-update10 | 2016-update10.x |
| adobe / coldfusion | 2016-update11 | 2016-update11.x |
| adobe / coldfusion | 2016-update12 | 2016-update12.x |
| adobe / coldfusion | 2016-update13 | 2016-update13.x |
| adobe / coldfusion | 2016-update14 | 2016-update14.x |
| adobe / coldfusion | 2016-update15 | 2016-update15.x |
| adobe / coldfusion | 2016-update2 | 2016-update2.x |
| adobe / coldfusion | 2016-update3 | 2016-update3.x |
| adobe / coldfusion | 2016-update4 | 2016-update4.x |
| adobe / coldfusion | 2016-update5 | 2016-update5.x |
| adobe / coldfusion | 2016-update6 | 2016-update6.x |
| adobe / coldfusion | 2016-update7 | 2016-update7.x |
| adobe / coldfusion | 2016-update8 | 2016-update8.x |
| adobe / coldfusion | 2016-update9 | 2016-update9.x |
| adobe / coldfusion | 2018-update1 | 2018-update1.x |
| adobe / coldfusion | 2018-update2 | 2018-update2.x |
| adobe / coldfusion | 2018-update3 | 2018-update3.x |
| adobe / coldfusion | 2018-update4 | 2018-update4.x |
| adobe / coldfusion | 2018-update5 | 2018-update5.x |
| adobe / coldfusion | 2018-update6 | 2018-update6.x |
| adobe / coldfusion | 2018-update7 | 2018-update7.x |
| adobe / coldfusion | 2018-update8 | 2018-update8.x |
| adobe / coldfusion | 2018-update9 | 2018-update9.x |
| adobe / coldfusion | 2021.0.0.323925 | 2021.0.0.323925.x |
| adobe / coldfusion | 2016-update16 | 2016-update16.x |
| adobe / coldfusion | 2018-update10 | 2018-update10.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime