Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (credentialed check)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
cross-site scripting vulnerability.

Description :

The version of RoboHelp on the remote host contains a cross-site
scripting vulnerability in its FlashHelp and FlashHelp Pro output. An
attacker may be able to leverage this issue to execute arbitrary
script code in the browser of an authenticated user in the context of
the affected site and to steal cookie-based authentication
credentials.

Note that this plugin checks for a version of RoboHelp that would
generate FlashHelp and FlashHelp Pro projects with a cross-site
scripting vulnerability. It does not check for published projects
that contain the vulnerability.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-09.html

Solution :

Apply the patch referenced in the vendor advisory above. Once the
patch is applied, all FlashHelp and FlashHelp Pro files need to be
regenerated.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 54602

Bugtraq ID: 47839

CVE ID: CVE-2011-0613
