CVE-2023-29305 MEDIUM

CVE-2023-29305: Adobe Connect Reflected Cross-Site Scripting (XSS) Arbitrary code execution

Vendor Adobe

Product Adobe Connect

Weakness CWE-79 · XSS

Published September 13, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

September 13, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-29305 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-27068 WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-59556 WordPress GoStore theme < 1.6.4 - Cross Site Scripting (XSS) vulnerability CVE-2023-1661 Display post meta, term meta, comment meta, and user meta <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-11851 Apeman ID71 set_alias.cgi cross site scripting CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting