PT-2026-53907 · Adobe · Coldfusion

Jann Horn

·

Published

2026-06-30

·

Updated

2026-07-02

·

CVE-2026-48307

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions ColdFusion versions 2025.9 and earlier
Description A reflected Cross-Site Scripting (XSS) issue allows an attacker to inject malicious scripts into a web page. This could lead to arbitrary code execution within the context of the current user. Successful exploitation requires user interaction, specifically that the victim opens a malicious link.
Recommendations Update ColdFusion to a version later than 2025.9.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-09262
CVE-2026-48307

Affected Products

Coldfusion