Описание
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9.3 Critical
CVSS3
Дефекты
Связанные уязвимости
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Уязвимость программного обеспечения для веб-конференций Adobe Connect, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
9.3 Critical
CVSS3