Skip to main content

Connect CVE-2024-54044

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-12-10 psirt@adobe.com
6.1
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (adobe) · only source for this CVE.

CVSS VectorVendor: adobe

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 10, 2024 - 21:15 cve.org
MEDIUM 6.1

DescriptionCVE.org

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

AnalysisAI

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Affected products include: Adobe Connect.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-26715 CRITICAL POC
9.1 Mar 25

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF)

CVE-2021-27582 CRITICAL POC
9.1 Feb 23

org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation for MITREid Connect th

CVE-2020-9442 HIGH POC
7.8 Feb 28

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10,

CVE-2016-7851 MEDIUM POC
6.1 Nov 08

Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. Rated medi

CVE-2017-11291 CRITICAL
10.0 Dec 09

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. Rated critical severity (CVSS 10.0), this vulnerabi

CVE-2016-0949 CRITICAL
9.8 Feb 10

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Rated

CVE-2022-38131 MEDIUM POC
6.1 Sep 06

RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. Rated medium severity (CVSS 6.1), this vulnera

CVE-2020-5497 MEDIUM POC
6.1 Jan 04

The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being inclu

CVE-2023-4662 CRITICAL
9.8 Sep 15

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated criti

CVE-2023-4661 CRITICAL
9.8 Sep 15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Co

CVE-2021-40719 CRITICAL
9.8 Oct 21

Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve a

CVE-2020-4747 CRITICAL
9.8 Dec 15

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated C

Share

CVE-2024-54044 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy