Critical Alert 1 Active Exploit Detected Today

CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower


← Back to CVE List

CVE-2026-48307NVD

Vulnerability Summary

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.
Severity Level
HIGH(8.8)
Published Date
Jun 30, 2026
Last Modified
Jun 30, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
The software does not neutralize user-controllable input before it is placed in output that is used as a web page.
CVSS v3.1 Base Metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh