CVE-2009-0523

Name of the Vulnerable Software and Affected Versions Adobe RoboHelp Server versions 6 and 7

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted URL. This occurs because the URL is not properly handled when displaying the Help Errors log.

Recommendations For Adobe RoboHelp Server version 6, update to a version that properly sanitizes URLs to prevent XSS attacks. For Adobe RoboHelp Server version 7, update to a version that properly sanitizes URLs to prevent XSS attacks. As a temporary workaround, consider restricting access to the Help Errors log until a patch is available.