June 23, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
STOP aka DJVU Ransomware – Active IOCs
December 30, 2024
Credit Cards of ZAGG Customers Stolen by Threat Actors in Third-Party Breach
December 30, 2024
STOP aka DJVU Ransomware – Active IOCs
December 30, 2024
Credit Cards of ZAGG Customers Stolen by Threat Actors in Third-Party Breach
December 30, 2024
Severity
Medium
Analysis Summary
CVE-2024-54051 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
CVE-2024-54050 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
CVE-2024-54049 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54048 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54047 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54046 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54045 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54044 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54043 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54042 CVSS:6.1
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-54041 CVSS:5.4
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-54040 CVSS:5.4
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Impact
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-54051
- CVE-2024-54050
- CVE-2024-54049
- CVE-2024-54048
- CVE-2024-54047
- CVE-2024-54046
- CVE-2024-54045
- CVE-2024-54044
- CVE-2024-54043
- CVE-2024-54042
- CVE-2024-54041
- CVE-2024-54040
Affected Vendors
Adobe
Affected Products
- Adobe Connect 12.6
- Adobe Connect 11.4.7
Remediation
Refer to Adobe Security Advisory for patch, upgrade, or suggested workaround information.