CVE-2024-54034

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 12.6, 11.4.7 and earlier

Description The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker convinces a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. The vulnerability is also associated with a lack of protection for the web page structure, which can allow a remote attacker to elevate their privileges and execute arbitrary code.

Recommendations For Adobe Connect versions 12.6, 11.4.7 and earlier, update to a version that is not affected by this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.