Vulnerabilities > Adobe > Robohelp Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-26 | CVE-2010-2885 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word. | 4.3 |
| 2009-09-04 | CVE-2009-3068 | Permissions, Privileges, and Access Controls vulnerability in Adobe Robohelp Server 8 Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11. | 9.3 |
| 2009-02-26 | CVE-2009-0524 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp. | 4.3 |
| 2009-02-26 | CVE-2009-0523 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log. | 4.3 |
| 2008-07-09 | CVE-2008-2991 | Cross-Site Scripting vulnerability in Adobe Robohelp Server 6/7 Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. | 4.3 |
| 2007-05-10 | CVE-2007-1280 | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | 4.3 |