EUVD-2026-22662

| CVE-2026-27245 CRITICAL
2026-04-14 adobe GHSA-px9p-mm95-78ww
XSS Adobe
9.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 19:39 vuln.today

DescriptionNVD

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

AnalysisAI

Reflected Cross-Site Scripting in Adobe Connect 12.10 and earlier allows unauthenticated remote attackers to execute malicious JavaScript in victim browsers via crafted URLs, with scope change enabling attacks beyond the vulnerable application's security context. CVSS 9.3 severity driven by network-based attack vector requiring no privileges, changed scope allowing cross-domain impact, and high confidentiality/integrity compromise. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all instances of Adobe Connect 12.10 and earlier in production and document current version inventory. Within 7 days: Implement network-level controls restricting Adobe Connect access to known internal IP ranges and require multi-factor authentication for all user sessions; monitor for suspicious URLs and failed session activity. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22662 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy