Adobe RoboHelp Unspecified XSS (APSB16-46)
Medium Nessus Plugin ID 95950
Synopsis
An application installed on the remote host is affected by a cross-site scripting vulnerability.
Description
The version of Adobe RoboHelp installed on the remote Windows host is affected by an unspecified cross-site scripting (XSS) vulnerability due to improper validation of input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Note that Nessus has not checked for the patch to file layout.js in each of the project folders for the RoboHelp projects on the host.
Solution
Apply the appropriate fix according to the instructions in Adobe Security Bulletin APSB16-46.