Copy link to clipboard
Copied
I've searched on xss vulnerabilities but did not find anything about "document.write(strHtml)". Can anyone tell me is this due to usage of frames or another reason? ---thanks
Copy link to clipboard
Copied
Try running an update – you should be at 10.0.1.292
Copy link to clipboard
Copied
These have been applied
XSS vulnerability fix
http://www.adobe.com/support/security/bulletins/apsb13-24.html
Additional Updates Found Here (but not specifically stated for 10.0.1.292)
Copy link to clipboard
Copied
Try using the Help > Updates route
Copy link to clipboard
Copied
Thanks. Haha. That was too easy.
We updated the PC, republished and get the same "document.write(strHtml)" error. Any other thoughts?
fyi, we also get multiple, similar errors already documented in http://forums.adobe.com/message/5392138#5392138
but it seems that is not a valid error by the opinion of the responder. We got these before too before the latest upgrade from 10.0.0.287 but I just thought I would mention it.
Copy link to clipboard
Copied
Where does this error occur? Some tools report XSS vulnerabilities that
not really classify as such.
The errors mentioned in the link are a mechanism for breadcrumbs. It
makes sure that the correct page in the TOC is highlighted when a topic
is used multiple times. It doesn't seem a real issue to me, but I'm no
security expert. The script just redirects the topic to itself with a
different parameter. No cross domain requests there.
If your security advisor thinks it is a real vulnerability, please file
a bug report on
https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform&product=12
Kind regards,
Willam