Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1280Cross-site Scripting in Adobe Robohelp

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
3.9%
top 11.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Adobe RobohelpAdobe Robohelp Server
Timeline
PublishedMay 10
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDadobe/robohelp6, x5+1

Patches

Patch: secunia.comPatch: www.adobe.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-m5pf-frf4-9m2x: Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a UR2022-05-01
CVEList
CVE-2007-1280: Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a UR2007-05-09

💥Exploits & PoCs

1
Exploit-DB
Adobe RoboHelp - Frameset-7.HTML Cross-Site Scripting2007-05-08
CVE-2007-1280 — Cross-site Scripting in Adobe Robohelp | cvebase