Adobe Connect vulnerabilities

CVE-2017-3101 [HIGH] CVE-2017-3101: Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.

CVE-2017-3103 [MEDIUM] CWE-79 CVE-2017-3103: Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successfu Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.

CVE-2017-3102 [MEDIUM] CWE-79 CVE-2017-3102: Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Succes Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.

CVE-2016-7851 [MEDIUM] CWE-79 CVE-2016-7851: Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registratio Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.

CVE-2016-4118 [HIGH] CWE-264 CVE-2016-4118: Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors.

CVE-2016-0949 [CRITICAL] CVE-2016-0949: Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted param Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.

CVE-2016-0948 [HIGH] CWE-352 CVE-2016-0948: Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attacker Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2016-0950 [MEDIUM] CWE-20 CVE-2016-0950: Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vecto Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.

CVE-2015-0344 [MEDIUM] CWE-79 CVE-2015-0344: Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote at Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0343 [MEDIUM] CWE-79 CVE-2015-0343: Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Conne Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.