Copy link to clipboard
Copied
We are using Robohelp 8.02, generating webhelp for a web application. Development just started to use Fortify to identify security vulnerabilities. The Fortify software found 17 Robohelp htm files with cross-site scripting security holes. We are NOT using RoboHelp Server 8.
Before creating this posting, I searched the forums and found one post from Feb 2010 (Beware -serious - cross site scripting errors in Robohelp 8.0).
From reading that posting, it appears that an Adobe engineer was involved----I'm not clear on the final outcome for this issue.
Any additional information on the final resolve for this issue would be helpful.
Thanks,
Copy link to clipboard
Copied
The previous poster indicated that Tulika, who I can confirm is an Adobe engineer, stated "when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful." The poster also indicated their opinion was the other errors were minor.
That seems clear enough so I wonder what value is anything that anyone here can add? The forum responses are from other users and I would have thought any further assurance beyond the above is something your management would want to come from Adobe.
I have not seen anything on these forums indicating that any attack has been triggered.
See www.grainge.org for RoboHelp and Authoring tips
Copy link to clipboard
Copied
On further consideration, maybe your management would want to take this up with Fortify? They are the ones claiming there is a risk.
A few days ago Norton told me some software I was going to use was very dangerous. It seems that claim was based on characteristics and when they tested it properly, Norton advised it was safe to use!
See www.grainge.org for RoboHelp and Authoring tips
Copy link to clipboard
Copied
Thanks for your response.
Copy link to clipboard
Copied
Barbc11
You should look at this.
http://www.adobe.com/support/security/bulletins/apsb10-23.html
See www.grainge.org for RoboHelp and Authoring tips
Copy link to clipboard
Copied
Thanks very much for the link. I appreciate the information.