MEDIUM
lucee
CVE published 2026-07-10
CVE-2026-29519
CVE-2026-29519 is a reflected cross-site scripting vulnerability affecting Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. The vulnerability allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads within the request path. Attackers can craft a malicious URL containing injected script content [truncated]