{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T12:18:37.162","vulnerabilities":[{"cve":{"id":"CVE-2024-54037","sourceIdentifier":"psirt@adobe.com","published":"2024-12-10T21:15:21.080","lastModified":"2025-01-21T17:07:30.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the high-privileged attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high."},{"lang":"es","value":"Las versiones 12.6, 11.4.7 y anteriores de Adobe Connect se ven afectadas por una vulnerabilidad de DOM-based Cross-Site Scripting (XSS) en DOM que un atacante podría aprovechar para ejecutar código arbitrario en el contexto de la sesión del navegador de la víctima. Al manipular un elemento DOM a través de una URL manipulada o de la entrada del usuario, el atacante puede inyectar secuencias de comandos maliciosas que se ejecutan cuando se procesa la página. Este tipo de ataque requiere la interacción del usuario, ya que la víctima tendría que visitar un enlace malicioso o ingresar datos en un formulario comprometido."}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":5.8}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:*","versionEndExcluding":"11.4.9","matchCriteriaId":"599EEA89-BDA1-4FF2-9B78-103DDDD1E262"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:connect:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0","versionEndExcluding":"12.7","matchCriteriaId":"E877A861-6761-4E6E-8589-34C30346DCEE"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/connect/apsb24-99.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}}]}