Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310809471
HistoryNov 15, 2016 - 12:00 a.m.

Adobe Connect < 9.5.7 XSS Vulnerability (APSB16-35)

2016-11-1500:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
11

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON

Adobe Connect is prone to a cross-site scripting (XSS)
vulnerability.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:adobe:connect";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.809471");
  script_version("2023-09-15T16:10:33+0000");
  script_tag(name:"last_modification", value:"2023-09-15 16:10:33 +0000 (Fri, 15 Sep 2023)");
  script_tag(name:"creation_date", value:"2016-11-15 13:01:25 +0530 (Tue, 15 Nov 2016)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-09-03 01:29:00 +0000 (Sun, 03 Sep 2017)");

  script_cve_id("CVE-2016-7851");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Adobe Connect < 9.5.7 XSS Vulnerability (APSB16-35)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_adobe_connect_http_detect.nasl");
  script_mandatory_keys("adobe/connect/detected");

  script_tag(name:"summary", value:"Adobe Connect is prone to a cross-site scripting (XSS)
  vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw exists as adobe connect does not adequately validate
  user inputs in the events registration module.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to cause
  cross-site scripting attack.");

  script_tag(name:"affected", value:"Adobe Connect prior to version 9.5.7.");

  script_tag(name:"solution", value:"Update to version 9.5.7 or later.");

  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/connect/apsb16-35.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/94152");

  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if (!version = get_app_version(cpe: CPE, port: port))
  exit(0);

if (version_is_less(version: version, test_version: "9.5.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "9.5.7");
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Related

nessus 1
vulnerlab 2
exploitpack 1
prion 1
cve 1
packetstorm 1
adobe 1
zdt 1
cvelist 1
nvd 1
exploitdb 1
nessus
nessus
Adobe Connect < 9.5.7 event_registration.html Multiple Parameter XSS (APSB16-35)
2016-11-14 00:00:00
vulnerlab
vulnerlab
Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability
2016-11-09 00:00:00
Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability
2016-11-09 00:00:00
exploitpack
exploitpack
Adobe Connect 9.5.7 - Cross-Site Scripting
2016-11-09 00:00:00
prion
prion
Cross site scripting
2016-11-08 17:59:00
cve
cve
CVE-2016-7851
2016-11-08 17:59:00
packetstorm
packetstorm
Adobe Connect / Desktop 9.5.7 Script Insertion
2016-11-09 00:00:00
adobe
adobe
APSB16-35 Security update available for Adobe Connect
2016-11-08 00:00:00
zdt
zdt
Adobe Connect 9.5.7 - Cross-Site Scripting Vulnerability
2016-11-09 00:00:00
cvelist
cvelist
CVE-2016-7851
2016-11-08 17:45:00
nvd
nvd
CVE-2016-7851
2016-11-08 17:59:00
exploitdb
exploitdb
Adobe Connect 9.5.7 - Cross-Site Scripting
2016-11-09 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON
Related for OPENVAS:1361412562310809471
nessus1vulnerlab2exploitpack1prion1cve1packetstorm1adobe1zdt1cvelist1nvd1exploitdb1