CNNVD-202512-2636 Information

CNNVD ID

CNNVD-202512-2636

Related CVE

CVE-2023-53880

• CNNVD Published: 2025-12-15

Description (Chinese)

Lucee是Lucee开源的一个用 Java 编写的高性能开源 CFML 服务器。 Lucee 5.4.2.17版本存在跨站脚本漏洞，该漏洞源于管理界面参数存在反射型跨站脚本，可能导致注入恶意脚本。

Description (English)

Lucee is a high-performance open source CFML server developed by Java. Release 5.4.2.17 has a cross-site script loophole, which stems from the reflection-type cross-site script of the management interface parameters, which may result in the injection of malicious scripts.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Lucee

Published

2025-12-15

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/lucee-authenticated-reflected-cross-site-scripting-via-admin-interfaces https://www.lucee.org/ https://www.exploit-db.com/exploits/51668 https://access.redhat.com/security/cve/cve-2023-53880

Patch

https://download.lucee.org/