Reflected Cross-Site Scripting Vulnerability in Adobe Connect
CVE-2024-54044

6.1MEDIUM

Key Information:

Vendor: Adobe
Status: Connect
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Connect is vulnerable to a reflected Cross-Site Scripting (XSS) flaw that may allow unauthenticated attackers to execute malicious JavaScript within the victim's browser by persuading them to access a specially crafted URL. This vulnerability affects versions 12.6, 11.4.7, and earlier releases, emphasizing the need for users to ensure they are running the latest, secure version of the software to safeguard their systems against possible exploits.

References

https://helpx.adobe.com/security/products/connect/apsb24-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 10, 2024