Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Dec 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Adobe
Adobe connect |
|
CPEs | cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:* | |
Vendors & Products |
Adobe
Adobe connect |
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | |
Title | Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79) | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: adobe
Published: 2024-12-10T20:42:18.680Z
Updated: 2024-12-17T04:55:52.290Z
Reserved: 2024-11-27T16:21:41.942Z
Link: CVE-2024-54037
Vulnrichment
Updated: 2024-12-10T21:24:51.567Z
NVD
Status : Analyzed
Published: 2024-12-10T21:15:21.080
Modified: 2024-12-18T14:40:29.303
Link: CVE-2024-54037
Redhat
No data.