CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23201 – Adobe RoboHelp Reflected XSS could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-23201
15 Jul 2022 — Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe RoboHelp versiones 2020.0.7 (y anteriores), están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima de que visite una URL que haga ... • https://helpx.adobe.com/security/products/robohelp/apsb22-10.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21070 – Privilege Escalation Vulnerability in Adobe RoboHelp
https://notcve.org/view.php?id=CVE-2021-21070
19 Apr 2021 — Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with admin permissions to write to the file system could leverage this vulnerability to escalate privileges. La versión 2020.0.3 de Adobe Robohelp (y anteriores) se ve afectada por una vulnerabilidad en el elemento de ruta de búsqueda no controlada que podría conducir a una escalada de privilegios. Un atacante con permisos de administrador para e... • https://helpx.adobe.com/security/products/robohelp/apsb21-20.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2017-3104
https://notcve.org/view.php?id=CVE-2017-3104
01 Dec 2017 — Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. Adobe RoboHelp tiene una vulnerabilidad de Cross-Site Scripting (XSS). Esto afecta a las versiones anteriores a la versión RH12.0.4.460 y RH2017 anteriores a la RH2017.0.2. • http://www.securityfocus.com/bid/100707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-3105
https://notcve.org/view.php?id=CVE-2017-3105
01 Dec 2017 — Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. Adobe RoboHelp tiene una vulnerabilidad de redirección abierta Esto afecta a las versiones anteriores a la versión RH12.0.4.460 y RH2017 anteriores a la RH2017.0.2. • http://www.securityfocus.com/bid/100709 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7891
https://notcve.org/view.php?id=CVE-2016-7891
15 Dec 2016 — Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. Adobe RoboHelp versión 2015.0.3 y versiones anteriores, RoboHelp 11 y versiones anteriores tienen un problema de validación de entrada que puede ser utilizado en ataques de XSS. • http://www.securityfocus.com/bid/94878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-1035
https://notcve.org/view.php?id=CVE-2016-1035
12 Apr 2016 — Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which allows attackers to obtain sensitive information via unspecified vectors. Adobe RoboHelp Server 9 en versiones anteriores a 9.0.1 no maneja correctamente las consultas SQL, lo que permite a atacantes obtener información sensible a través de vectores no especificados. • http://www.securitytracker.com/id/1035557 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 0CVE-2013-5327
https://notcve.org/view.php?id=CVE-2013-5327
09 Oct 2013 — MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. MDBMS.dll en Adobe RoboHelp 10 permite a atacantes ejecutar código arbitrario o provcar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://www.adobe.com/support/security/bulletins/apsb13-24.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2012-0765
https://notcve.org/view.php?id=CVE-2012-0765
15 Feb 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe RoboHelp v8 y v9 para Word, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL modificada, relacionado con ciertos arc... • http://osvdb.org/79251 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 5EXPL: 0CVE-2011-2133
https://notcve.org/view.php?id=CVE-2011-2133
11 Aug 2011 — Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe RoboHelp 8 y 9 anterior a v9.0.1.262, y RoboHelp Server 8 and 9 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de URI, relacionado con template_stock/whutils.js • http://securityreason.com/securityalert/8334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0613
https://notcve.org/view.php?id=CVE-2011-0613
16 May 2011 — Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en RoboHelp v7 y v8, y RoboHelp Server v7 y v8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetr... • http://www.adobe.com/support/security/bulletins/apsb11-09.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •