CVE-2022-28818: 
Adobe ColdFusion 2018 vulnerability analysis and mitigation

Adobe ColdFusion versions CF2021U3 (and earlier) and CF2018U13 were identified with a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and assigned CVE-2022-28818, with the initial record creation date of April 8, 2022, and public disclosure on May 12, 2022. The affected software includes multiple versions of Adobe ColdFusion 2018 and 2021 (NVD, CVE Mitre).

The vulnerability is classified as a reflected Cross-Site Scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The severity assessment according to CVSS 3.1 indicates a Medium severity with a base score of 6.1 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Under CVSS 2.0, it received a base score of 4.3 (Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) (NVD).

If successfully exploited, this vulnerability allows an attacker to execute malicious JavaScript content within the context of the victim's browser. The impact primarily affects the confidentiality and integrity of the system with low severity, while availability remains unaffected (NVD).

Adobe has addressed this vulnerability through security updates. Users are advised to update their ColdFusion installations to versions newer than CF2021U3 and CF2018U13 (Adobe Advisory).