Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-54037

8.1 HIGH

Key Information:

Vendor: Adobe
CVE Published: 10 December 2024

Summary

Adobe Connect versions 12.6, 11.4.7, and prior are susceptible to a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue can be exploited by an attacker through the manipulation of a DOM element via a crafted URL or malicious user input, allowing the execution of arbitrary code within the victim's browser session. To successfully execute this attack, user interaction is necessary; the victim must visit a compromised link or submit data through a manipulated form. The vulnerability's exploitation hinges on the victim permitting all popups, which elevates the complexity of the attack. Attackers leveraging this vulnerability can potentially execute harmful scripts that may lead to session hijacking and compromise sensitive information.

Affected Version(s)

Adobe Connect 0 <= 11.4.7

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
