Severity
High
Analysis Summary
CVE-2025-30314 CVSS:6.1
Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-30315 CVSS:6.1
Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-30316 CVSS:5.4
Adobe Connect versions are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-43567 CVSS:9.3
Adobe Connect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-30314
CVE-2025-30315
CVE-2025-30316
CVE-2025-43567
Affected Vendors
- Adobe
Affected Products
- Adobe Connect - 12.8
Remediation
Refer to Adobe Security Advisory for patch, upgrade or suggested workaround information.