Stored Cross-Site Scripting Vulnerability in Adobe Connect
CVE-2017-3103

6.1MEDIUM

Key Information:

Vendor
Adobe
Status
Adobe Connect 9.6.1 And Earlier.
Vendor
CVE Published:
14 July 2017

Summary

Adobe Connect versions up to 9.6.1 are vulnerable to a stored cross-site scripting (XSS) attack. This vulnerability allows an attacker to inject malicious scripts that can be executed in the context of a user's browser, potentially compromising sensitive information and user accounts. Successful exploitation may enable attackers to establish control over affected sessions and manipulate how users interact with the application.

Affected Version(s)

Adobe Connect 9.6.1 and earlier. Adobe Connect 9.6.1 and earlier.

References

https://helpx.adobe.com/security/products/connect/apsb17-...
x_refsource_MISC
http://www.securityfocus.com/bid/99518
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038846
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.