Cross-Site Scripting Vulnerability in Adobe RoboHelp Products
CVE-2011-2133

Currently unrated

Key Information:

Vendor: Adobe
Status: Robohelp; Robohelp Server
Vendor: CVE Published:; 11 August 2011

Summary

A cross-site scripting vulnerability exists in Adobe RoboHelp versions 8 and 9 prior to 9.0.1.262, as well as in RoboHelp Server versions 8 and 9. This issue allows attackers to inject malicious web scripts or HTML through the URI, particularly targeting the template_stock/whutils.js file. Exploitation of this vulnerability can lead to unauthorized actions being performed on behalf of users, compromising the integrity and confidentiality of information.

References

http://www.us-cert.gov/cas/techalerts/TA11-222A.html

third-party-advisoryx_refsource_CERT

http://www.adobe.com/support/security/bulletins/apsb11-23...

x_refsource_CONFIRM

http://securityreason.com/securityalert/8334

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Aug 11, 2011
Vulnerability Reserved
May 13, 2011