CVE-2023-44352

{"id": "CVE-2023-44352", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-11-17T14:15:21.693", "references": [{"url": "https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."}, {"lang": "es", "value": "Las versiones 2023.5 (y anteriores) y 2021.11 (y anteriores) de Adobe ColdFusion se ven afectadas por una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada. Si un atacante no autenticado puede convencer a una v\u00edctima para que visite una URL que hace referencia a una p\u00e1gina vulnerable, se puede ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."}], "lastModified": "2023-11-23T03:36:27.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39EBF22C-3ED8-4C91-AA46-1BA920CE1920", "versionEndExcluding": "2021"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A94B406-C011-4673-8C2B-0DD94D46CC4C"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD05E3A-10F9-4C75-9710-BA46B66FF6E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1FC7D1D-6DD2-48B2-980F-B001B0F24473"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA19E1D-61C2-4640-AF06-4BCFE750BDF3"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D57C8681-AC68-47DF-A61E-B5C4B4A47663"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75608383-B727-48D6-8FFA-D552A338A562"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7773DB68-414A-4BA9-960F-52471A784379"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B38B9E86-BCD5-4BCA-8FB7-EC55905184E6"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7BAB80-8455-4570-A2A2-8F40469EE9CC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9D645A2-E02D-4E82-A2BD-0A7DE5B8FBCC"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E22D701-B038-4795-AA32-A18BC93C2B6F"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2021:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC4A0EC-C3FC-47D8-86CE-0E6A87A7F0B0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02A37FE-5D31-4892-A3E6-156A8FE62D28"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB88D4FE-5496-4639-BAF2-9F29F24ABF29"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76204873-C6E0-4202-8A03-0773270F1802"}, {"criteria": "cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}