CVE-2016-7851

MEDIUM

Adobe Connect <= 9.5.6 - Cross-Site Scripting in Events Registration Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7851. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed writeup describing a persistent XSS vulnerability in Adobe Connect's event registration form. The vulnerability allows remote attackers to inject malicious script code via the `firstname`, `lastname`, and `companyname` parameters, which are then executed in the email body context sent to administrators.

Description

Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vulnerability-Lab · textwebappswindows
https://www.exploit-db.com/exploits/40742

This is a detailed writeup describing a persistent XSS vulnerability in Adobe Connect's event registration form. The vulnerability allows remote attackers to inject malicious script code via the `firstname`, `lastname`, and `companyname` parameters, which are then executed in the email body context sent to administrators.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Adobe Connect & Desktop v9.5.7
No auth needed
Prerequisites: Access to the event registration form · Ability to submit a POST request with malicious payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037239
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94152
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/connect/apsb16-35.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/40742/

Scores

CVSS v3 6.1
EPSS 0.0701
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
adobe/connect < 9.5.6
n/a/Adobe Connect 9.5.6 and earlier versions Adobe Connect 9.5.6 and earlier versions
Published Nov 08, 2016
Tracked Since Feb 18, 2026