Cross-site scripting vulnerability in Adobe RoboHelp products
CVE-2007-1280

Currently unrated

Key Information:

Vendor: Adobe
Status: Robohelp; Robohelp Server
Vendor: CVE Published:; 10 May 2007

Summary

Adobe RoboHelp versions X5, 6, and Server 6 are susceptible to a cross-site scripting (XSS) vulnerability that enables remote attackers to inject arbitrary web scripts or HTML through a specially crafted URL containing a hash symbol (#). This exploitation can occur via specific vectors, including templates, en/frameset-7.html scripts, and various other JavaScript files, posing a risk to users by potentially allowing unauthorized access and manipulation of web content.

References

http://secunia.com/advisories/25211

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/23878

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/1714

vdb-entryx_refsource_VUPEN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 10, 2007
Vulnerability Reserved
Mar 5, 2007