Description
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Adobe / Connectunspecified – 11.2.2
- Adobe / Connectunspecified – None