Input Validation Flaw in Adobe RoboHelp Affects Multiple Versions
CVE-2016-7891

6.1MEDIUM

Key Information:

Vendor
Adobe
Status
Adobe Robohelp 2015.0.3 And Earlier, Robohelp 11 And Earlier
Vendor
CVE Published:
15 December 2016

Summary

Adobe RoboHelp versions up to 2015.0.3 and 11 are susceptible to an input validation flaw that could allow attackers to execute cross-site scripting (XSS) attacks. This vulnerability occurs when the software fails to properly validate user input, enabling the injection of malicious scripts into web pages viewed by other users. As a result, attackers can exploit this flaw to gain unauthorized access to sensitive information or perform actions on behalf of the user without their consent.

Affected Version(s)

Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier Adobe RoboHelp 2015.0.3 and earlier, RoboHelp 11 and earlier

References

http://www.securityfocus.com/bid/94878
vdb-entryx_refsource_BID
https://helpx.adobe.com/security/products/robohelp/apsb16...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037456
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.