CVE-2023-53880

UNKNOWN 0.0

Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.

CWE	CWE-79
Vendor	lucee
Product	lucee
Published	Dec 15, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for lucee lucee

Be the first to know when new unknown vulnerabilities affecting lucee lucee are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Lucee / Lucee

5.4.2.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51668 lucee.org: https://www.lucee.org/ vulncheck.com: https://www.vulncheck.com/advisories/lucee-authenticated-reflected-cross-site-scripting-via-admin-interfaces

Credits

Yehia Elghaly