PT-2007-2697 · Adobe · Robohelp+1

Published: 2007-05-09 · Updated: 2025-04-23 · CVE-2007-1280

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Adobe RoboHelp versions X5, 6
Adobe RoboHelp Server version 6

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path. This can be demonstrated using specific files such as en/frameset-7.html. Other potential vectors involve templates and various files including whstart.js, whcsh_home.htm in WebHelp, wf_startpage.js, wf_startqs.htm in FlashHelp, or WindowManager.dll in RoboHelp Server 6.

Recommendations

For Adobe RoboHelp versions X5 and 6, update to a version that includes the fix for this issue. For Adobe RoboHelp Server version 6, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the specified files and templates until a patch is available.

Related Identifiers

CVE-2007-1280

Affected Products

Robohelp
Robohelp Server