Description
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories.
Affected products
- Adobe / RoboHelp8 – 8
- Adobe / RoboHelp8.0.1 – 8.0.1
- Adobe / RoboHelp8.0.2 – 8.0.2
- Adobe / RoboHelp9 – 9
- Adobe / RoboHelp9.0.0.228 – 9.0.0.228
- Adobe / RoboHelp9.0.1 – 9.0.1
- Adobe / RoboHelp9.0.1.232 – 9.0.1.232
- Adobe / RoboHelp9.0.2 – 9.0.2
References
- MISChttp://osvdb.org/79251
- MISChttp://www.securitytracker.com/id?1026676
- VENDOR_ADVISORYhttp://secunia.com/advisories/47936
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/73179
- MISChttp://www.securityfocus.com/bid/52008
- VENDOR_ADVISORYhttp://www.adobe.com/support/security/bulletins/apsb12-04.html