RoboHelp Server Multiple XSS (APSB09-02 Update 2)
Medium Nessus Plugin ID 35737
Synopsis
The remote Windows host has an application that is affected by multiple cross-site scripting vulnerabilities.
Description
Adobe RoboHelp Server version 6 or 7 is installed on the remote host, and it is missing updates included with Adobe security advisory 'APSB09-02 Update 2' involving the files 'redirect.asp', 'Report_Template.asp' and 'SQL_Lib.asp'. Provided an attacker has access to the 'RoboHelp Help Errors log', or is able to trick a user with access to the 'RoboHelp Help Errors log' into clicking a malicious link, the attacker may be able to execute arbitrary HTML and script code in the victim's browser session.
Solution
Apply the patch referenced in the vendor advisory.