CVE-2023-53880

Vulnerability Description

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.

Related Weaknesses (CWE)

CWE-79

References

https://www.exploit-db.com/exploits/51668
https://www.lucee.org/
https://www.vulncheck.com/advisories/lucee-authenticated-reflected-cross-site-sc

FAQ

What is CVE-2023-53880?

CVE-2023-53880 is a documented vulnerability. Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft ...

How severe is CVE-2023-53880?

CVSS scoring is not yet available for CVE-2023-53880. Check NVD for updates.

Is there a patch for CVE-2023-53880?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.