CVE-2021-21080 MEDIUM

CVE-2021-21080: Adobe Connect Reflected Cross-site Scripting via query parameter

Vendor Adobe

Product Connect

Weakness CWE-79 · XSS

Published March 12, 2021

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.

Key dates

02Disclosure timeline

March 12, 2021 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-21080 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2021-21080

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Adobe

Product Connect

Affected ≥ unspecified and ≤ 11.0.7

Vendor Adobe

Product Connect

Affected ≥ unspecified and ≤ None

CVE-2021-21080: Adobe Connect Reflected Cross-site Scripting via query parameter

01Description

02Disclosure timeline

03References

04Related CVE