Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 30 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Adobe
Adobe coldfusion |
|
| Vendors & Products |
Adobe
Adobe coldfusion |
Tue, 30 Jun 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed. | |
| Title | ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79) | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: adobe
Published:
Updated: 2026-07-01T14:31:51.338Z
Reserved: 2026-05-21T15:28:38.136Z
Link: CVE-2026-48307
Updated: 2026-07-01T14:31:44.506Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-30T21:15:05Z