ID

VAR-201105-0038


CVE

CVE-2011-0613


TITLE

Adobe RoboHelp and RoboHelp Server Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2011-001639

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

TITLE: Adobe RoboHelp Unspecified Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA44480

VERIFY ADVISORY: http://secunia.com/advisories/44480/

RELEASE DATE: 2011-05-14

DESCRIPTION: A vulnerability has been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in the following products:
* RoboHelp versions 7 and 8.
* RoboHelp Server versions 7 and 8.

SOLUTION: Apply update (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: The vendor credits James Jardine, Jardine Software Inc.

ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb11-09.html

Trust: 1.98

sources: NVD: CVE-2011-0613 // JVNDB: JVNDB-2011-001639 // BID: 47839 // PACKETSTORM: 101406

AFFECTED PRODUCTS

vendor: adobe, model: robohelp server, scope: eq, version: 8

Trust: 2.7

vendor: adobe, model: robohelp server, scope: eq, version: 7

Trust: 2.7

vendor: adobe, model: robohelp, scope: eq, version: 8

Trust: 2.7

vendor: adobe, model: robohelp, scope: eq, version: 7

Trust: 2.7

vendor: hitachi, model: device manager, scope: eq, version: software

Trust: 0.8

vendor: hitachi, model: it operations analyzer, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: it operations director, scope: -, version: -

Trust: 0.8

vendor: hitachi, model: tiered storage manager, scope: eq, version: software

Trust: 0.8

vendor: hitachi, model: jp1/it desktop management, scope: eq, version: - manager

Trust: 0.8

sources: BID: 47839 // JVNDB: JVNDB-2011-001639 // CNNVD: CNNVD-201105-184 // NVD: CVE-2011-0613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0613
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-0613
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201105-184
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-0613
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-001639 // CNNVD: CNNVD-201105-184 // NVD: CVE-2011-0613

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-001639 // NVD: CVE-2011-0613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201105-184

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 101406 // CNNVD: CNNVD-201105-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001639

PATCH

title: APSB11-09, url: http://www.adobe.com/support/security/bulletins/apsb11-09.html

Trust: 0.8

title: APSB11-09 (cpsid_90298), url: http://kb2.adobe.com/jp/cps/902/cpsid_90298.html

Trust: 0.8

title: APSB11-09, url: http://www.adobe.com/jp/support/security/bulletins/apsb11-09.html

Trust: 0.8

title: HS12-010, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-010/index.html

Trust: 0.8

title: HS12-004, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-004/index.html

Trust: 0.8

title: HS12-008, url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-008/index.html

Trust: 0.8

title: HS12-004, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-004/index.html

Trust: 0.8

title: HS12-008, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-008/index.html

Trust: 0.8

title: HS12-010, url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-010/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2011-001639

EXTERNAL IDS

db: NVD, id: CVE-2011-0613

Trust: 2.7

db: JVNDB, id: JVNDB-2011-001639

Trust: 0.8

db: SECUNIA, id: 44480

Trust: 0.7

db: CNNVD, id: CNNVD-201105-184

Trust: 0.6

db: BID, id: 47839

Trust: 0.3

db: PACKETSTORM, id: 101406

Trust: 0.1

sources: BID: 47839 // JVNDB: JVNDB-2011-001639 // PACKETSTORM: 101406 // CNNVD: CNNVD-201105-184 // NVD: CVE-2011-0613

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb11-09.html

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0613

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0613

Trust: 0.8

url:http://secunia.com/advisories/44480

Trust: 0.6

url:http://www.adobe.com/products/robohelpserver/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44480

Trust: 0.1

url:http://twitter.com/secunia

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/44480/

Trust: 0.1

url:http://www.facebook.com/secunia

Trust: 0.1

url:http://secunia.com/advisories/44480/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: BID: 47839 // JVNDB: JVNDB-2011-001639 // PACKETSTORM: 101406 // CNNVD: CNNVD-201105-184 // NVD: CVE-2011-0613

CREDITS

James Jardine of Jardine Software Inc.

Trust: 0.3

sources: BID: 47839

SOURCES

db: BID, id: 47839
db: JVNDB, id: JVNDB-2011-001639
db: PACKETSTORM, id: 101406
db: CNNVD, id: CNNVD-201105-184
db: NVD, id: CVE-2011-0613

LAST UPDATE DATE

2024-11-23T21:56:09.886000+00:00


SOURCES UPDATE DATE

db: BID, id: 47839, date: 2011-05-12T00:00:00
db: JVNDB, id: JVNDB-2011-001639, date: 2012-03-28T00:00:00
db: CNNVD, id: CNNVD-201105-184, date: 2011-05-17T00:00:00
db: NVD, id: CVE-2011-0613, date: 2024-11-21T01:24:25.593

SOURCES RELEASE DATE

db: BID, id: 47839, date: 2011-05-12T00:00:00
db: JVNDB, id: JVNDB-2011-001639, date: 2011-05-27T00:00:00
db: PACKETSTORM, id: 101406, date: 2011-05-13T05:45:12
db: CNNVD, id: CNNVD-201105-184, date: 2011-05-16T00:00:00
db: NVD, id: CVE-2011-0613, date: 2011-05-16T17:55:02.510