CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, scope is changed. The vulnerable component is restricted to internal IP addresses.
Configurations

No configuration.

History

10 Jul 2025, 13:18

Type Values Removed Values Added
Summary
  • (es) Las versiones 2025.2, 2023.14, 2021.20 y anteriores de ColdFusion se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado que un atacante con privilegios elevados podría aprovechar para inyectar scripts maliciosos en campos de formulario vulnerables. JavaScript malicioso puede ejecutarse en el navegador de la víctima cuando accede a la página que contiene el campo vulnerable; el alcance se modifica. El componente vulnerable está restringido a direcciones IP internas.

08 Jul 2025, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-08 21:15

Updated : 2025-07-10 13:18


NVD link : CVE-2025-49543

Mitre link : CVE-2025-49543

CVE.ORG link : CVE-2025-49543


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')