CVE-2025-30292

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18

Description: The issue is a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker convinces a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Recommendations: For versions 2025.0 and earlier, update to a version that includes a fix for this issue. For version 2023.12, update to a version that includes a fix for this issue. For version 2021.18, update to a version that includes a fix for this issue.