How severe is CVE-2024-54037?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-54037?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-54037 - HIGH Severity | CVSS 8.1

Vulnerability Description

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the high-privileged attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high.

Related Vulnerabilities

CVE-2017-8899

HIGH

CVSS:8.1(High)

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by...

CWE-792017

CVE-2019-10905

HIGH

CVSS:8.1(High)

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script (already running on the affected page) executes the c...

CWE-792019

CVE-2019-11215

HIGH

CVSS:8.1(High)

In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writable, then execution of arbitrary code can be accomplished by calling ajax.dataloader with a maliciously crafted payload. Many con...

CWE-792019

CVE-2019-17337

HIGH

CVSS:8.1(High)

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...

CWE-792019

CVE-2019-19821

HIGH

CVSS:8.1(High)

A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not ...

CWE-792019

CVE-2020-15273

HIGH

CVSS:8.1(High)

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registrat...

CWE-792020