Reflected XSS Vulnerability in Adobe Connect
CVE-2024-54047

6.1MEDIUM

Key Information:

Vendor: Adobe
Status: Connect
Vendor: CVE Published:; 10 December 2024

Summary

Adobe Connect, a popular online meeting and collaboration platform, is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability in versions 12.6 and 11.4.7 and earlier. This vulnerability allows an unauthenticated attacker to exploit a vulnerable page by tricking the user into clicking a specially crafted URL. If successful, the malicious JavaScript executed in the user's browser could lead to unauthorized actions, data breaches, or other security issues. Users of affected versions should apply available updates and implement necessary security measures to mitigate risk.

References

https://helpx.adobe.com/security/products/connect/apsb24-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 10, 2024