CVE-2024-54036 CRITICAL

CVE-2024-54036: Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Vendor Adobe
Product Adobe Connect
Weakness CWE-79 · XSS
Published December 10, 2024
Last update January 14, 2025
View on NVD All CVEs

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Key dates

02Disclosure timeline

December 10, 2024 CVE published
January 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-2654 Classima < 2.1.11 - Reflected Cross-Site Scripting CVE-2025-58621 WordPress PuzzleMe for WordPress Plugin <= 1.2.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-1536 Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar CVE-2025-58095 CVE-2021-24426 Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)