Stored Cross-Site Scripting Vulnerability in Adobe Connect
CVE-2024-54036
9.3CRITICAL
Summary
Adobe Connect versions 12.6, 11.4.7, and earlier are susceptible to a stored Cross-Site Scripting vulnerability, allowing attackers to inject malicious scripts into form fields. When a user accesses a page with a compromised field, the attacker's JavaScript code can execute in their browser, potentially leading to session hijacking and risks to both confidentiality and integrity of user data.
References
CVSS V3.1
Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published