Adobe: >> Connect >> 6.3 Security Vulnerabilities
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVSS Score
6.1
EPSS Score
0.065
Published
2016-11-08
Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.006
Published
2016-05-30
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.007
Published
2016-02-10
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
CVSS Score
9.8
EPSS Score
0.024
Published
2016-02-10
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
8.8
EPSS Score
0.003
Published
2016-02-10
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-06-13
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2015-06-13
Page 6