CVE-2024-54036

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 11.4.7 and earlier, 12.6

Description The issue is related to a stored Cross-Site Scripting (XSS) vulnerability. This vulnerability could be abused by an attacker to inject malicious scripts into vulnerable form fields. When a victim browses to the page containing the vulnerable field, malicious JavaScript may be executed in their browser. A successful attacker can abuse this to achieve session takeover, which increases the confidentiality and integrity impact.

Recommendations For Adobe Connect versions 11.4.7 and earlier, update to a version later than 11.4.7 to mitigate the risk. For Adobe Connect version 12.6, update to a version later than 12.6 to mitigate the risk. As a temporary workaround, consider restricting access to vulnerable form fields until a patch is available.