Cross-site Scripting Vulnerability in Adobe RoboHelp Server
CVE-2009-0523

Currently unrated

Key Information:

Vendor: Adobe
Status: Robohelp Server; Robohelp
Vendor: CVE Published:; 26 February 2009

Summary

A Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server versions 6 and 7 allows remote attackers to inject malicious web scripts or HTML through specially crafted URLs. This flaw becomes apparent when the Help Errors log fails to properly sanitize input data. Exploitation of this vulnerability could result in unauthorized actions executed in the context of the victim's session, potentially leading to data leakage or manipulation.

References

http://www.vupen.com/english/advisories/2009/0512

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1021755

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/34048

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 26, 2009
Vulnerability Reserved
Feb 10, 2009