Participating Frequently
March 9, 2012
Answered

webhelp vulnerable during XSS cross site scripting audit. Reason - document.location.href


Online help created by our team is going through a security vulnerability check now. It has been found that, after integration of WebHelp with the application, document.location.href is a vulnerable point as per XSS (cross-site scripting). Please share your thoughts and any methods you have that can contain this situation. It's urgent, please help.

Correct answer Jeff_Coatsworth

You can update your copy through Help > Updates or from the web page: http://www.adobe.com/downloads/updates/

2 replies

Participating Frequently
March 27, 2012

Have tried compiling WebHelp with RoboHelp 9.0.1.2.3.2 (older version) with the patch available. Is there any way I can test the vulnerability internally before sharing the help files for audit? Please suggest any VAPT testing tool names that can detect XSS vulnerability. Thanks.

Jeff_Coatsworth
Community Expert
March 27, 2012

Latest patch level takes you to 9.0.2.271 AFAIK - try that. There's no tester within RH; I'd try googling to see if something exists out there. Didn't your auditors give you something to use?
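
For the question above about checking the help output internally before the audit, here is an added example (not part of the original thread and not Adobe or RoboHelp code): a heuristic Node.js scan that flags lines where `document.location.href`, or a variable derived from it, reaches `document.write`, `innerHTML` or `eval`. The function name, the sample lines and the line-by-line taint tracking are assumptions made for illustration.

```javascript
// Added example: heuristic pre-audit scan of generated help output (not Adobe code).
// SOURCE: URL properties that a crafted link can influence.
const SOURCE = /\b(?:document\.location|window\.location|location)\.(?:href|hash|search)\b|\bdocument\.URL\b/;
// SINK: APIs that interpret a string as HTML or script.
const SINK = /\bdocument\.write(?:ln)?\s*\(|\.(?:inner|outer)HTML\s*=(?!=)|\beval\s*\(/;
// Simple assignment at the start of a line: "var x = ..." or "x = ...".
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_]\w*)\s*=(?!=)\s*(.+)$/;

function scanForUrlSinks(text, file = "<input>") {
  const tainted = new Set(); // variables that hold URL-derived data
  const findings = [];
  // True when the text reads a URL source directly or uses a tainted variable.
  const usesUrlData = (s) =>
    SOURCE.test(s) || [...tainted].some((v) => new RegExp(`\\b${v}\\b`).test(s));

  text.split(/\r?\n/).forEach((line, i) => {
    // Propagate taint through assignments (heuristic, no real parsing).
    const assign = ASSIGN.exec(line);
    if (assign && usesUrlData(assign[2])) tainted.add(assign[1]);

    if (SINK.test(line) && usesUrlData(line)) {
      // URL-derived data reaches an HTML/script sink: review this line first.
      findings.push({ file, line: i + 1, kind: "source-to-sink", code: line.trim() });
    } else if (SOURCE.test(line)) {
      // The URL is read here; follow where the value goes.
      findings.push({ file, line: i + 1, kind: "source-read", code: line.trim() });
    }
  });
  return findings;
}

// Constructed sample input, not taken from any real WebHelp file.
const SAMPLE = [
  'var strURL = document.location.href;',
  'var topic = strURL.substring(strURL.indexOf("#") + 1);',
  'document.write("<frame src=" + topic + ">");',
  'var title = "Help";',
  'document.write("<h1>" + title + "</h1>");',
].join("\n");

console.log(scanForUrlSinks(SAMPLE, "sample.js"));
```

Run it over each `.htm` and `.js` file in the generated output; a `source-to-sink` finding is a line to review by hand, and a clean result does not replace the auditors' dynamic test.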

Participating Frequently
March 28, 2012

Hi Jeff,

Thanks for the suggestion. I have used a VAPT tool to identify the vulnerability. Also, the latest patch you mentioned is not available on the Adobe security bulletin link http://www.adobe.com/support/security/bulletins/apsb12-04.html. Is it available at some other link? If yes, kindly share. Thanks in advance.

RoboColum_n_
Legend
March 9, 2012

Can you start by telling us what version of RoboHelp you are using? There are some security patches available on the Adobe KB but without knowing your RH version I can't advise any further.

BTW please do not cross post. It helps no one. You may want to read the helpful tips before posting again. You can find them at http://forums.adobe.com/thread/467760?tstart=0


  @robocolumn
  The RoboColum(n)
  Colum McAndrew

Participating Frequently
March 9, 2012

Hi RoboColum(n),

New to this forum so didn't know much about the rules... I apologize for that to start with. I am using RoboHelp 9, and also tried a patch

Vulnerability identifier: APSB07-10

CVE number: CVE-2007-1280

However, it didn't work for us. Please advise, as we cannot proceed with our product release without clearing this audit. Thanks in advance for your time and patience.

Participating Frequently
March 9, 2012

The version is 9.0.1.262