CVE-2017-11287
First published: Sat Dec 09 2017(Updated: )
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Connect | <=9.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11287?
The severity of CVE-2017-11287 is medium, with a severity value of 6.1.
What is the vulnerability in Adobe Connect 9.6.2 and earlier versions?
The vulnerability in Adobe Connect 9.6.2 and earlier versions is a reflected cross-site scripting (XSS) vulnerability.
How can the vulnerability in Adobe Connect 9.6.2 and earlier version be exploited?
The vulnerability in Adobe Connect 9.6.2 and earlier versions can be exploited by tricking a user into clicking on a specially crafted link that executes malicious scripts.
What can the exploitation of CVE-2017-11287 result in?
The exploitation of CVE-2017-11287 can result in information disclosure.
Is there a fix available for CVE-2017-11287?
Yes, Adobe has released a security bulletin (APSB17-35) that includes patches to address the vulnerability.
- collector/nvd-index
- vendor/adobe
- product/connect
- canonical/adobe connect