GHSA-4wgh-wf35-gj87 · Severity: medium — ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting ...
ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
Conclusion & alert: CVE-2026-47933 is rated Low Risk (22.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.19%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.04% | 0.19% | +0.15% |
| 2 | 2026-06-10 | — | 0.04% | — |
Full EPSS history (2 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.8 | 3.1 | MEDIUM |
|
1.7 | 2.7 | [email protected] |
| 5.4 | 3.1 | MEDIUM |
|
2.3 | 2.7 | [email protected] |
GHSA-4wgh-wf35-gj87 · Severity: medium — ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting ...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:* |
| adobe | coldfusion | 2023 | cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:* |
| adobe | coldfusion | 2025 | cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/coldfusion/apsb26-64.html | Vendor Advisory |