CVE-2021-40721 – Adobe Connect Reflected Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-40721
Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. La versión 11.2.3 de Adobe Connect (y anteriores) está afectada por una vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) reflejada. Si un atacante es capaz de convencer a una víctima de que visite una URL que haga referencia a una página vulnerable, se puede ejecutar contenido JavaScript malicioso en el contexto del navegador de la víctima • https://helpx.adobe.com/security/products/connect/apsb21-91.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36063 – Adobe Connect Reflected Cross-site Scripting via 'isTabletDeviceHTML' parameter
https://notcve.org/view.php?id=CVE-2021-36063
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Adobe Connect versiones 11.2.2 (y anteriores), está afectada por una vulnerabilidad de tipo Cross-site Scripting Reflejado que podría ser abusado por un atacante para inyectar scripts maliciosos en campos de formulario vulnerables. El JavaScript malicioso podría ser ejecutado en el navegador de la víctima cuando ésta navega a la página que contiene el campo vulnerable • https://helpx.adobe.com/security/products/connect/apsb21-66.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-36061 – Adobe Connect Violation of Secure Design Principles Vulnerability Can Lead To Editing Or Deleting Recordings
https://notcve.org/view.php?id=CVE-2021-36061
Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. An unauthenticated attacker could leverage this vulnerability to edit or delete recordings on the Connect environment. Exploitation of this issue requires user interaction in that a victim must publish a link of a Connect recording. Adobe Connect versiones 11.2.2 (y anteriores), está afectada por una vulnerabilidad de violación de los principios de diseño seguro por medio del parámetro "pbMode". Un atacante no autenticado podría aprovechar esta vulnerabilidad para editar o eliminar grabaciones en el entorno de Connect. • https://helpx.adobe.com/security/products/connect/apsb21-66.html • CWE-657: Violation of Secure Design Principles •
CVE-2021-36062 – Adobe Connect Reflected Cross-site Scripting via 'campaign-id' parameter
https://notcve.org/view.php?id=CVE-2021-36062
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe Connect versiones 11.2.2 (y anteriores), está afectada por una vulnerabilidad de tipo Cross-site Scripting Reflejado que podría ser abusado por un atacante para inyectar scripts maliciosos en los campos de formulario vulnerables. Si un atacante es capaz de convencer a una víctima de que visite una URL que haga referencia a una página vulnerable, podría ser ejecutado contenido JavaScript malicioso en el contexto del navegador de la víctima • https://helpx.adobe.com/security/products/connect/apsb21-66.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-28579 – Adobe Connect improper access control could lead to privilege escalation
https://notcve.org/view.php?id=CVE-2021-28579
Adobe Connect version 11.2.1 (and earlier) is affected by an Improper access control vulnerability that can lead to the elevation of privileges. An attacker with 'Learner' permissions can leverage this scenario to access the list of event participants. Adobe Connect versiones 11.2.1 (y anteriores), está afectada por una vulnerabilidad de control inapropiado de acceso que puede conllevar a una escalada de privilegios. Un atacante con permisos de "Learner" puede aprovechar este escenario para acceder a la lista de participantes en el evento • https://helpx.adobe.com/security/products/connect/apsb21-36.html • CWE-284: Improper Access Control •