CVE-2015-0343

Name of the Vulnerable Software and Affected Versions Adobe Connect versions prior to 9.4

Description The issue exists due to inadequate protection of the web page structure in Adobe Connect, allowing for the exploitation of a cross-site scripting (XSS) vulnerability. This can enable a remote attacker to inject arbitrary web script or HTML code using query parameters, such as the query parameter in the admin/home/homepage/search endpoint.

Recommendations For Adobe Connect versions prior to 9.4, update to version 9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin/home/homepage/search endpoint in the web app to minimize the risk of exploitation.