Public CVE-2021-21092 disclosure

ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser