Primary

Context

Adobe Connect DOM-Based Cross-Site Scripting Vulnerability Allowing Session Takeover

Vulnerability

Patched

A DOM-based cross-site scripting vulnerability has been identified in Adobe Connect versions 12.9 and earlier. This vulnerability allows attackers to execute malicious scripts in the context of the victim's browser. Exploitation requires user interaction, as the victim must visit a specially crafted web page. Successful exploitation could lead to session takeover, significantly impacting the confidentiality and integrity of the affected user.

Impact

Exploitation of this vulnerability could result in arbitrary code execution in the context of the victim's browser, potentially leading to session takeover.

Remediation

Users are advised to update Adobe Connect to version 12.10, available for both Windows and macOS.

Added: Oct 14, 2025, 11:54 PM

Updated: Oct 14, 2025, 11:54 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

1.7

exploitability

6.5

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Adobe Connect DOM-Based Cross-Site Scripting Vulnerability Allowing Session Takeover

Vulnerability

Impact

Remediation

Affected Products

Adobe Connect

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating