CVE-2009-0523
https://notcve.org/view.php?id=CVE-2009-0523
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados - XSS - en Adobe RoboHelp Server 6 y 7 que permite a los atacantes remoto inyectar arbitrariamente una secuencia de comandos web o HTML a través de URL manipuladas, lo que es manejado apropiadamente cuando se muestra el registro de errores de la ayuda. • http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33887 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48890 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0524
https://notcve.org/view.php?id=CVE-2009-0524
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en Adobe RoboHelp v6 y v7, y RoboHelp Server v6 y v7, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores que implican ficheros creados con robohelp. • http://secunia.com/advisories/34032 http://secunia.com/advisories/34048 http://securitytracker.com/id?1021755 http://www.adobe.com/support/security/bulletins/apsb09-02.html http://www.securityfocus.com/bid/33888 http://www.vupen.com/english/advisories/2009/0512 https://exchange.xforce.ibmcloud.com/vulnerabilities/48889 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-2991
https://notcve.org/view.php?id=CVE-2008-2991
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Adobe RoboHelp Server 6 y 7 permite a atacantes remotos inyectar web script o HTML de su elección a través de vectores relacionados con el log Help Errors. • http://secunia.com/advisories/31001 http://securitytracker.com/id?1020442 http://www.adobe.com/support/security/bulletins/apsb08-16.html http://www.securityfocus.com/bid/30137 http://www.vupen.com/english/advisories/2008/2026/references • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0642
https://notcve.org/view.php?id=CVE-2008-0642
Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280. Vulnerabilidad de secuencias de comandos en sitios cruzados en archivos creados por Adobe RoboHelp 6 and 7, y posiblemente las extensiones (1) WebHelp5 (WebHelp5Ext) o (2) WildFire (WildFireExt), permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2007-1280. • http://secunia.com/advisories/28945 http://securitytracker.com/id?1019397 http://www.adobe.com/support/security/bulletins/apsb08-05.html http://www.securityfocus.com/bid/27763 http://www.vupen.com/english/advisories/2008/0537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-1280 – Adobe RoboHelp - Frameset-7.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1280
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. Una vulnerabilidad de tipo cross-site-scripting (XSS) en Adobe RoboHelp versiones X5, 6 y Server versión 6 permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de una dirección URL después de un valor de dirección URL en la ruta de url, como se ha demostrado utilizando en/frameset-7.html, y posiblemente otros vectores no especificados con plantillas y (1) whstart.js y (2) whcsh_home.htm en WebHelp, (3) wf_startpage.js y (4) wf_startqs.htm en FlashHelp o (5) la biblioteca WindowManager.dll en RoboHelp Server versión 6. • https://www.exploit-db.com/exploits/30016 http://osvdb.org/35867 http://secunia.com/advisories/25211 http://www.adobe.com/support/security/bulletins/apsb07-10.html http://www.devtarget.org/adobe-advisory-05-2007.txt http://www.securityfocus.com/archive/1/468360/100/0/threaded http://www.securityfocus.com/bid/23878 http://www.securitytracker.com/id?1018020 http://www.vupen.com/english/advisories/2007/1714 https://exchange.xforce.ibmcloud.com/vulnerabilities/34181 •