CVE-2021-21079: Adobe Connect Reflected Cross-site Scripting via archiveOffset parameter
First published: Fri Mar 12 2021(Updated: )
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Connect | <=11.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21079?
CVE-2021-21079 is a reflected Cross-Site Scripting (XSS) vulnerability in Adobe Connect version 11.0.7 and earlier.
How does CVE-2021-21079 affect Adobe Connect?
CVE-2021-21079 allows an attacker to inject malicious JavaScript code that can be executed within the victim's browser when they visit a page containing the vulnerability.
What is the severity of CVE-2021-21079?
CVE-2021-21079 has a severity rating of medium (6.1).
How can I fix CVE-2021-21079?
To fix CVE-2021-21079, update Adobe Connect to version 11.0.8 or later.
Where can I find more information about CVE-2021-21079?
More information about CVE-2021-21079 can be found at: https://helpx.adobe.com/security/products/connect/apsb21-19.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/adobe
- canonical/adobe connect
- version/adobe connect/11.0.7