CVE-2024-54032

9.3

Critical

Published:10 Dec 2024

Last updated:17 Jun 2026

Source:psirt@adobe.com

Analyzed

Weakness (CWE)

CWE-79Cross-site Scripting (XSS)

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

View on MITRE Find PoC on GitHub

Description

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

References

psirt@adobe.com

https://helpx.adobe.com/security/products/connect/apsb24-99.html