Skip to main content

Connect CVE-2021-40721

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-10-15 psirt@adobe.com
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 15, 2021 - 15:15 nvd
MEDIUM 6.1

DescriptionNVD

Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

AnalysisAI

Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Affected products include: Adobe Connect. Version information: version 11.2.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-26715 CRITICAL POC
9.1 Mar 25

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF)

CVE-2021-27582 CRITICAL POC
9.1 Feb 23

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect th

CVE-2020-9442 HIGH POC
7.8 Feb 28

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10,

CVE-2016-7851 MEDIUM POC
6.1 Nov 08

Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. Rated medi

CVE-2017-11291 CRITICAL
10.0 Dec 09

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. Rated critical severity (CVSS 10.0), this vulnerabi

CVE-2016-0949 CRITICAL
9.8 Feb 10

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Rated

CVE-2022-38131 MEDIUM POC
6.1 Sep 06

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnera

CVE-2020-5497 MEDIUM POC
6.1 Jan 04

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being inclu

CVE-2023-4662 CRITICAL
9.8 Sep 15

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated criti

CVE-2023-4661 CRITICAL
9.8 Sep 15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Co

CVE-2021-40719 CRITICAL
9.8 Oct 21

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve a

CVE-2020-4747 CRITICAL
9.8 Dec 15

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated C

Share

CVE-2021-40721 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy