DOM Based Cross-Site Scripting issue in RoboHelp 10

Forum|Forum|12 years ago
June 7, 2013
2 replies
1922 views

We're using a WebHelp system originally deplyed using RoboHelp 9.0.2.271, and a recent security scan revealed the DOM based cross-site scripting issue.

I recently upgraded to RoboHelp 10, migrated my help system to this version, and redeployed the system, but our security scan is still detecting the cross-scripting vulnerability in WebHelp. Wasn't this issue resolved in RoboHelp 10?

Thanks

WebHelp

This topic has been closed for replies.

Willam van Weelden

Inspiring

Hi,

What XSS vulnerability are you talking about? It’s hard to know whether an issue is fixed when we don’t know what issue you’re talking about.

Greet,

Willam

K

Kimota12Author

Participating Frequently

Here's an example of one of the issues the security scan caught:

Willam van Weelden

Inspiring

Hi,

I’m not a security expert, but this script reads the URL of the current topic and redirects to the current topic with a bookmark. This is needed for when the same topic is used in multiple locations in the TOC.

I’ll ask around about this security issue.

Greet,

Willam

Jeff_Coatsworth

Community Expert

You should contact Adobe Support with your concerns and specifics of the issue your security guys are finding. You may have to use the Multiscreen HTML5 SSL to get around issues with frames.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded