CVE-2023-53880

Sažetak

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.

Reference

https://www.exploit-db.com/exploits/51668
https://www.lucee.org/
https://www.vulncheck.com/advisories/lucee-authenticated-reflected-cross-site-scripting-via-admin-interfaces

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

16-12-2025 - 14:10

Objavljeno

15-12-2025 - 21:15