CVE-2009-0523

Опубликовано: 26 фев. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.

Ссылки

http://secunia.com/advisories/34048
Vendor Advisory
http://securitytracker.com/id?1021755
http://www.adobe.com/support/security/bulletins/apsb09-02.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/33887
Patch
http://www.vupen.com/english/advisories/2009/0512
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/48890
http://secunia.com/advisories/34048
Vendor Advisory
http://securitytracker.com/id?1021755
http://www.adobe.com/support/security/bulletins/apsb09-02.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/33887
Patch
http://www.vupen.com/english/advisories/2009/0512
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/48890

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:adobe:robohelp:6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:robohelp:7:*:*:*:*:*:*:*

cpe:2.3:a:adobe:robohelp_server:6:*:*:*:*:*:*:*

cpe:2.3:a:adobe:robohelp_server:7:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01583

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-whp8-h58w-r9jr

github

почти 4 года назад