packetstorm | Stas Volfus | PACKETSTORM:132269
Jun 11, 2015 - 12:00 a.m.

Adobe Connect 9.3 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.007 (Low); percentile: 81.0%

`Advisory: Adobe Connect Reflected XSS  
Author: Stas Volfus (Bugsec Information Security LTD)  
Vendor URL: http://www.adobe.com/   
Status: Vendor Notified  
  
  
==========================  
Vulnerability Description  
==========================  
  
Adobe Connect (Central) version 9.3 is vulnerable to reflected XSS (cross-site scripting).  
  
The attack allows execution of arbitrary JavaScript in the context of the user's browser.  
  
CVE-2015-0343 was assigned for this issue.  
  
  
  
==========================  
PoC  
==========================  
The following URL demonstrates the vulnerability:  
  
https://vulnerablewebsite.com/admin/home/homepage/search?account-id=1&filter-rows=1&filter-start=0&now=yes&query=<a href="javascript:alert('XSS')">XSS Link</a>  
  
  
  
==========================  
Disclosure Timeline  
==========================  
  
04-NOV-2014 - Vendor notified  
  
01-DEC-2014 - CVE assigned  
  
27-MAR-2015 - Resolved by vendor, fix deployed on Adobe Connect 9.4.  
  
  
==========================  
References  
==========================  
http://www.adobe.com/il_en/products/adobeconnect.html  
https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html  
`
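
A defender-side check built from the PoC URL above, added here as an example and not part of the original advisory: it scans web access logs for requests to the affected search endpoint whose `query` value carries markup. It assumes combined-format logs with percent-encoded request targets; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter are taken from the advisory's PoC URL.
SEARCH_PATH = "/admin/home/homepage/search"
PARAM = "query"
# Flag tag openers and javascript: URLs, the two constructs the PoC relies on.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:", re.IGNORECASE)
# Request target in a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')
BASE = SEARCH_PATH + "?account-id=1&filter-rows=1&filter-start=0&now=yes&query="
# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Jun/2015:09:14:02 +0000] "GET ' + BASE
    + 'quarterly+review HTTP/1.1" 200 4312',
    '203.0.113.24 - - [11/Jun/2015:09:15:40 +0000] "GET ' + BASE
    + '%3Ca%20href%3D%22javascript%3Aalert(%27XSS%27)%22%3EXSS%20Link%3C%2Fa%3E'
    + ' HTTP/1.1" 200 4790',
    '198.51.100.9 - - [11/Jun/2015:09:16:05 +0000] "GET /help/search?query=%3Cb%3E HTTP/1.1" 404 210',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings normalise to one form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_request(target):
    """Decoded `query` value if the request hits the endpoint and carries markup, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != SEARCH_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    targets = ((l.split(" ", 1)[0], REQUEST.search(l)) for l in lines)
    checked = ((ip, flag_request(m.group(1))) for ip, m in targets if m)
    return [(ip, v) for ip, v in checked if v is not None]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The check is scoped to the path named in the advisory, so the third sample line is ignored; a legitimate search term containing `<` followed by a letter would also be flagged and needs manual review.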
