
XSS vulnerabilities in RoboHelp 10.0.0.287

Guest
Feb 26, 2014

I've searched on XSS vulnerabilities but did not find anything about "document.write(strHtml)". Can anyone tell me whether this is due to the usage of frames or another reason? Thanks


xss_dom_document.write.jpg

Community Expert
Feb 26, 2014

Try running an update – you should be at 10.0.1.292

Guest
Feb 26, 2014

Jeff, thank you for the quick reply. I had already applied the 10.0.1 update and the security bulletin below that. I don't find an upgrade to 10.0.1.292. The last link below has some additional links. Do you know if the suggested upgrade is one of those (or should I just apply all of them?)?

These have been applied

The Adobe® RoboHelp® 10.0.1 update fixes critical bugs that were found in Adobe RoboHelp 10 software.
http://www.adobe.com/support/robohelp/downloads.html

XSS vulnerability fix

http://www.adobe.com/support/security/bulletins/apsb13-24.html


Additional Updates Found Here (but not specifically stated for 10.0.1.292)

http://wvanweelden.eu/articles/robohelp-patches-and-updates

Community Expert
Feb 26, 2014

Try using the Help > Updates route

Guest
Feb 26, 2014

Thanks. Haha. That was too easy.

We updated the PC, republished and get the same "document.write(strHtml)" error. Any other thoughts?

FYI, we also get multiple, similar errors already documented in http://forums.adobe.com/message/5392138#5392138, but it seems that is not a valid error in the opinion of the responder. We got these before too, before the latest upgrade from 10.0.0.287, but I just thought I would mention it.

LEGEND
Feb 27, 2014

Where does this error occur? Some tools report XSS vulnerabilities that do not really classify as such.

The errors mentioned in the link are a mechanism for breadcrumbs. It makes sure that the correct page in the TOC is highlighted when a topic is used multiple times. It doesn't seem a real issue to me, but I'm no security expert. The script just redirects the topic to itself with a different parameter. No cross domain requests there.

If your security advisor thinks it is a real vulnerability, please file a bug report on https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform&product=12

Kind regards,

Willam
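
One way to triage a scanner hit like "document.write(strHtml)", as an added example that is not part of this thread and not RoboHelp's code: the sink only matters if the string written can carry URL-controlled input. The function names and both sample scripts below are constructed for illustration.

```javascript
// Added example: first-pass triage of document.write(<variable>) scanner hits.
// Regex-based and over-approximate (no real parser); it filters, it does not prove.
const SOURCES = /\b(?:location\.(?:hash|search|href|pathname)|document\.(?:URL|documentURI|referrer|cookie)|window\.name)\b/;

// Collect "name = expr;" and "name += expr;" (comparisons and arrows are skipped).
function collectAssignments(code) {
  const re = /\b([A-Za-z_$][\w$]*)\s*\+?=(?![=>])\s*([^;]+);/g;
  return [...code.matchAll(re)].map((m) => ({ name: m[1], expr: m[2] }));
}

// Fixed-point propagation: a variable is tainted if any assignment to it reads
// a URL-controlled source or another tainted variable.
function taintedVariables(code) {
  const assigns = collectAssignments(code);
  const tainted = new Map(); // variable name -> why it is tainted
  for (let changed = true; changed; ) {
    changed = false;
    for (const { name, expr } of assigns) {
      if (tainted.has(name)) continue;
      const direct = expr.match(SOURCES);
      const via = [...tainted.keys()].find((v) =>
        new RegExp("(?<![\\w$.])" + v.replace(/\$/g, "\\$") + "(?![\\w$])").test(expr));
      if (!direct && !via) continue;
      tainted.set(name, direct ? direct[0] : "via " + via);
      changed = true;
    }
  }
  return tainted;
}

function triageDocumentWrite(code) {
  const tainted = taintedVariables(code);
  const sink = /document\.write(?:ln)?\s*\(\s*([A-Za-z_$][\w$]*)\s*\)/g;
  return [...code.matchAll(sink)].map((m) => ({
    arg: m[1],
    needsReview: tainted.has(m[1]),
    reason: tainted.get(m[1]) || "no URL-derived input found",
  }));
}

// Constructed sample scripts (not taken from RoboHelp output).
const STATIC_SAMPLE = `var strHtml = "<frameset cols='30%,*'>";
strHtml += "<frame src='toc.htm'></frameset>";
document.write(strHtml);`;
const TAINTED_SAMPLE = `var topic = location.hash.substring(1);
var strHtml = "<frame src='" + topic + "'>";
document.write(strHtml);`;

console.log(triageDocumentWrite(STATIC_SAMPLE), triageDocumentWrite(TAINTED_SAMPLE));
```

A hit marked needsReview still needs a manual read of how the value is encoded before it reaches the sink. A clean result only means no URL-derived input was found in the script that was checked.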
