Cross-Site Scripting Vulnerability in Adobe RoboHelp Server
CVE-2008-2991

6.1MEDIUM

Key Information:

Vendor

Adobe
Status
Robohelp Server
Vendor
CVE Published:
9 July 2008

What is CVE-2008-2991?

The vulnerability in Adobe RoboHelp Server 6 and 7 enables remote attackers to exploit cross-site scripting flaws by injecting arbitrary web scripts or HTML through specific vectors associated with the Help Errors log. This could lead to unauthorized actions performed on behalf of users visiting affected pages, potentially exposing sensitive information or allowing further attacks.

References

http://www.securityfocus.com/bid/30137
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/2026/references
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/31001
third-party-advisoryx_refsource_SECUNIA

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.