Participating Frequently
November 5, 2025
Question

Client DOM Open Redirect vulnerabilities in RH 2022.6.34 WebHelp and HTML5 Outputs


Checkmarx has identified "Client DOM Open Redirect" vulnerabilities in the help output generated by the latest version of RoboHelp, in three RH-created JavaScript files (topicwidgets.min.js, csh-core.min.js, and rh.min.js).  These are classified as Medium OWASP vulnerabilities and my company security policy will no longer allow us to distribute software with these.

Here is a sample from my security report:

"The potentially tainted value provided by href in [PATH EDITED OUT FOR PRIVACY]/WebHelp/template/scripts/topicwidgets.min.js at line 1237 is used as a destination URL by location in [PATH EDITED OUT FOR PRIVACY]/WebHelp/template/scripts/topicwidgets.min.js at line 1241, potentially allowing attackers to perform an open redirection."

These issues have been around for quite some time. I recently upgraded from RH 2015, hoping the most recent release would clear the issue, but it has not.

Our developers are not allowed to edit files from an outside vendor, and, even if we could get an exception for this, I believe they would need to do so every time the file is generated by RH. 

Can someone from Adobe please look at changing these files to ensure they do not contain vulnerabilities?

Thank you.
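
For readers triaging this class of finding: the report describes an href value reaching location with no validation in between. The sketch below is an added example, not part of the original post and not RoboHelp's code; the function names and sample URLs are hypothetical, and it assumes the help output is served over http(s). It shows the check a reviewer would look for between the two reported lines.

```javascript
// Added illustration; none of this is taken from the RoboHelp scripts.

// Resolve an untrusted href against the current page URL and return the
// absolute URL only if it is http(s) and stays on the page's own origin.
// Returns null for anything else.
function safeDestination(href, pageUrl) {
  if (typeof href !== "string") return null;
  let base, target;
  try {
    base = new URL(pageUrl);
    // Parse with the same URL rules the browser uses. String prefix checks
    // such as startsWith("/") miss inputs like "//host" or "/\host".
    target = new URL(href, base);
  } catch (e) {
    return null; // unparsable input never becomes a destination
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") return null;
  if (target.origin !== base.origin) return null;
  return target.href;
}

// Shape the scanner flags (assumed): the value is assigned with no check.
function navigateUnchecked(href, loc) {
  loc.href = href;
}

// Hardened shape: navigate only when the destination passes validation.
// `loc` stands in for window.location so the logic can run outside a browser.
function navigateChecked(href, loc) {
  const dest = safeDestination(href, loc.href);
  if (dest === null) return false;
  loc.href = dest;
  return true;
}
```

If the flagged code already restricts the value to same-origin topics in an equivalent way, the finding is a candidate for a documented false positive; if it does not, the vendor fix would need a check of this kind.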

 

 

    1 reply

    Peter Grainge
    Community Expert
    November 6, 2025

    This is a user to user forum and only Adobe can help you on this one. Most of these warnings turn out to be false but I understand that is not enough for you. To get the confirmation or action you need I suggest for this one you need to go to Adobe Support. See https://helpx.adobe.com/contact/enterprise-support.other.html#robohelp for your Adobe Support options. The email link tcssup@adobe.com is recommended as it reaches a team dedicated to Technical Communication Suite products including RoboHelp.

    ________________________________________________________

    My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

     

    Use menu (bottom right) to mark as Best Answer or to Highlight particularly useful replies. Found the answer elsewhere? Share it here.
    KarlaT123 (Author)
    Participating Frequently
    November 10, 2025

    Thank you!  I'm honored to get a reply from the famous Peter Grainge! 🙂

    I will email Adobe support as you suggested, and will post back here with my results later, in the event that someone else runs into similar issues.