CVE-2007-1280 - Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attacke

CVE-2007-1280

Summary

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp:6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp:6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp:x5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp:x5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp_server:6:*:*:*:*:*:*:*
cpe:2.3:a:adobe:robohelp_server:6:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 16-10-2018 - 16:37)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	23878
bugtraq	20070511 Cross-Site Scripting in Adobe RoboHelp 6, Server 6 and X5
confirm	http://www.adobe.com/support/security/bulletins/apsb07-10.html
misc	http://www.devtarget.org/adobe-advisory-05-2007.txt
osvdb	35867
sectrack	1018020
secunia	25211
vupen	ADV-2007-1714
xf	robohelp-files-xss(34181)

Last major update

16-10-2018 - 16:37

Published

10-05-2007 - 00:19

Last modified

16-10-2018 - 16:37