CVE-2021-36062 MEDIUM

CVE-2021-36062: Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter

Vendor Adobe
Product Connect
Weakness CWE-79 · XSS
Published September 1, 2021
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

September 1, 2021 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-48113 WordPress Broadstreet plugin <= 1.51.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-21750 WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS) CVE-2024-11782 WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-51838 WordPress Pull This plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability CVE-2021-36846 WordPress Chaty plugin <= 2.8.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability