Cross-Site Scripting Vulnerability in Adobe Connect by Adobe
CVE-2016-7851

6.1MEDIUM

Key Information:

Vendor
Adobe
Status
Adobe Connect 9.5.6 And Earlier Versions
Vendor
CVE Published:
8 November 2016

Summary

Adobe Connect versions up to 9.5.6 have a vulnerability in the events registration module due to insufficient input validation. This flaw can be exploited by malicious actors to perform cross-site scripting attacks, potentially allowing unauthorized access to sensitive information or control over user sessions. Updating to the latest version is essential to mitigate this risk.

Affected Version(s)

Adobe Connect 9.5.6 and earlier Adobe Connect 9.5.6 and earlier versions

References

http://www.securitytracker.com/id/1037239
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94152
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/connect/apsb16-...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.