Adobe: >> Connect >> 1.0.0.1 Security Vulnerabilities
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
CVSS Score
9.3
EPSS Score
0.019
Published
2024-12-10
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
CVSS Score
9.3
EPSS Score
0.018
Published
2024-12-10
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.
CVSS Score
9.3
EPSS Score
0.018
Published
2024-12-10
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-12-10
Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.
This issue affects Saphira Connect: before 9.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-09-15
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.
This issue affects Saphira Connect: before 9.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-09-15
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.
This issue affects Saphira Connect: before 9.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-15
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.
This issue affects Saphira Connect: before 9.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-09-15
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.
This issue affects Saphira Connect: before 9.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-15
Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVSS Score
6.1
EPSS Score
0.011
Published
2023-09-13