Hi,123majorBates and welcome to the Forums.
Any outstanding security issues with RoboHelp 6 and 7 were taken care of in the development of RoboHelp 8, so it would not be necessary to install those patches.
However, you would also want to install any updates to RoboHelp 8 if you have not already. Though, these were not issued specifically for scripting vulnerabilities per se, make sure you have updates 8.0.1 and 8.0.2 installed. You will find them here:
You didn't mention whether you were using WebHelp Pro with RoboHelp Server 8? In the event you are, there was a security update for RoboHelp Server 8 a couple of months ago. You will find it here on the Adobe Tech Comm blog.
Finally, please email me the Fortify report offline with as much info as you have, I will make sure it gets to the Adobe Engineering team immediately. It would also be helpful to understand a little about the application and how it is calling the help to see if this is coloring the result.
I am at john @ johndaigle dot com
Thanks very much for reporting this and we'll keep you posted.
Adobe Certified RoboHelp and Captivate Instructor
I followed your directions and eventually was put in touch with an Adobe engineer, Tulika Garg. She was able to reproduce the problem. However, when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful. There are further errors with the .js files that Adobe has a QA engineer trying to reproduce. These are minor errors and not the serious errors I was encountering.