Primary

Context

Adobe Connect DOM-Based Cross-Site Scripting Vulnerability Allowing Session Takeover

Vulnerability

Patched

A DOM-based cross-site scripting vulnerability has been identified in Adobe Connect versions 12.9 and earlier. This vulnerability allows a high-privileged attacker to execute malicious scripts in the browser of a victim who interacts with a crafted web page. The exploitation of this issue could lead to session takeover, significantly increasing the risk to the confidentiality and integrity of the affected user.

Impact

Exploitation of this vulnerability could result in arbitrary code execution in the context of the victim's browser, potentially leading to session takeover.

Remediation

Users are advised to update Adobe Connect to version 12.10, available for both Windows and macOS.

Added: Oct 14, 2025, 11:54 PM

Updated: Oct 14, 2025, 11:54 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.4

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

5.4

exploitability

4.7

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Connect DOM-Based Cross-Site Scripting Vulnerability Allowing Session Takeover

Vulnerability

Impact

Remediation

Affected Products

Adobe Connect

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating