Exploit for Adobe ColdFusion - Cross-Site Scripting (CVE-2021-21087)

Description:

Adobe ColdFusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in the context of the current user. Exploitation of this issue requires user interaction.

Nuclei Template

View the template here: CVE-2021-21087.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21087.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://twitter.com/Daviey/status/1374070630283415558
https://nvd.nist.gov/vuln/detail/CVE-2021-21087
https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html
https://github.com/ARPSyndicate/kenzer-templates