1 Reply Latest reply on Feb 25, 2010 11:44 AM by 123majorBates

    Beware - Serious Breach - Cross Site Scripting Errors in WebHelp

    123majorBates

      This is a cautionary message. I have confirmed cross site scripting errors in RoboHelp 8.0. This is a serious security breach. RoboHelp second level support acknowledged the problem and suggested I wait for patches to appear while providing no time frame for such activity.

       

      I have decided not to use the product due to this serious flaw. I strongly suggest you research cross site scripting before using a RoboHelp WebHelp solution.

        • 1. Re: Beware - Serious Breach - Cross Site Scripting Errors in WebHelp
          123majorBates Level 1

          I was eventually put in touch with an Adobe engineer, Tulika Garg. She was able to reproduce the problem. However, when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful. There are further errors with the .js files that Adobe has a QA engineer trying to reproduce. These are minor errors and not the serious errors I was encountering.

           

          Result - clean bill of health for RoboHelp!