Stas Volfus

**Name of the Vulnerable Software and Affected Versions** Adobe Connect versions prior to 9.4 **Description** The issue exists due to inadequate protection of the web page structure in Adobe Connect, allowing for the exploitation of a cross-site scripting (XSS) vulnerability. This can enable a remote attacker to inject arbitrary web script or HTML code using query parameters, such as the query parameter in the admin/home/homepage/search endpoint. **Recommendations** For Adobe Connect versions prior to 9.4, update to version 9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/home/homepage/search endpoint in the web app to minimize the risk of exploitation.