CVE-2021-40721: 
NixOS vulnerability analysis and mitigation

Adobe Connect version 11.2.3 and earlier versions were identified with a reflected Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2021-40721. The vulnerability was disclosed on October 15, 2021, affecting Adobe Connect installations from version 11.0 up to version 11.2.3 (NVD).

The vulnerability is classified as a reflected Cross-Site Scripting (XSS) issue, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). The severity assessment according to CVSS 3.1 indicates a Medium severity with a base score of 6.1, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Under CVSS 2.0, it received a base score of 4.3 with the vector (AV:N/AC:M/Au:N/C:N/I:P/A:N) (NVD).

If successfully exploited, this vulnerability allows an attacker to execute malicious JavaScript content within the context of the victim's browser. This could potentially lead to unauthorized access to sensitive information and compromise of user sessions (NVD).

Adobe has released security updates to address this vulnerability, as detailed in their security bulletin APSB21-91. Users are advised to update their Adobe Connect installations to the latest version to mitigate this security risk (Adobe Advisory).