CVE-2024-54042

Name of the Vulnerable Software and Affected Versions Adobe Connect versions 12.6, 11.4.7 and earlier

Description The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker may convince a victim to visit a URL referencing a vulnerable page, allowing malicious JavaScript content to be executed within the context of the victim's browser. The vulnerability is also associated with inadequate protection of the web page structure, which could allow a remote attacker to elevate privileges and execute arbitrary code.

Recommendations For Adobe Connect versions 12.6, 11.4.7 and earlier, consider disabling access to vulnerable pages until a patch is available. As a temporary workaround, restrict the execution of JavaScript content within the context of the victim's browser to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.