Beware - Serious Breach - Cross Site Scripting Errors in WebHelp

Report · Feb 15, 2010

This is a cautionary message. I have confirmed cross site scripting errors in RoboHelp 8.0. This is a serious security breach. RoboHelp second level support acknowledged the problem and suggested I wait for patches to appear while providing no time frame for such activity.

I have decided not to use the product due to this serious flaw. I strongly suggest you research cross site scripting before using a RoboHelp WebHelp solution.

Report · Feb 25, 2010

I was eventually put in touch with an Adobe engineer, Tulika Garg. She was able to reproduce the problem. However, when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful. There are further errors with the .js files that Adobe has a QA engineer trying to reproduce. These are minor errors and not the serious errors I was encountering.

Result - clean bill of health for RoboHelp!