ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. The vulnerable component is restricted to internal IP addresses.
Configurations
No configuration.
History
10 Jul 2025, 13:18
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
08 Jul 2025, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2025-07-08 21:15
Updated : 2025-07-10 13:18
NVD link : CVE-2025-49542
Mitre link : CVE-2025-49542
CVE.ORG link : CVE-2025-49542
Products Affected
No product.
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')