Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
cross-site scripting vulnerability.

Description :

The published RoboHelp project on the remote host contains a
cross-site scripting vulnerability in its wf_status.htm and wf_topicfs
files. An attacker may be able to leverage this issue to execute
arbitrary script code in the browser of an authenticated user in the
context of the affected site and to steal cookie-based authentication
credentials.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-09.html

Solution :

Apply the patch referenced in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 54603 ()

Bugtraq ID: 47839

CVE ID: CVE-2011-0613