N/A

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

N/A

N/A

Adobe RoboHelp 'Frameset-7.HTML' 跨站脚本攻击漏洞

Adobe RoboHelp 和Server 中存在跨站脚本攻击漏洞。远程攻击者可以借助URL路径中的#后的URL，比如en/frameset-7.html和其他涉及WebHelp中的(1)whstart.js和(2)whcsh_home.htm，FlashHelp中的(3)wf_startpage.js和(4)wf_startqs.htm或RoboHelp Server 6中的(5)WindowManager.dll，注入任意的web脚本或HTML。

N/A

N/A