Search criteria
34 vulnerabilities found for robohelp_server by adobe
CVE-2023-22275 (GCVE-0-2023-22275)
Vulnerability from nvd – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:40
VLAI?
Title
ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:39:28.849634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:40:50.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:31.426Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22275",
"datePublished": "2023-11-17T12:52:31.426Z",
"dateReserved": "2022-12-19T17:47:20.529Z",
"dateUpdated": "2024-09-04T19:40:50.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22274 (GCVE-0-2023-22274)
Vulnerability from nvd – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:46
VLAI?
Title
ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:44:58.945526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:46:28.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:29.111Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22274",
"datePublished": "2023-11-17T12:52:29.111Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2024-09-04T19:46:28.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22273 (GCVE-0-2023-22273)
Vulnerability from nvd – Published: 2023-11-17 12:52 – Updated: 2025-12-16 18:23
VLAI?
Title
ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-22T05:00:28.276506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:25.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "HIGH",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:28.324Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22273",
"datePublished": "2023-11-17T12:52:28.324Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2025-12-16T18:23:25.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22272 (GCVE-0-2023-22272)
Vulnerability from nvd – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:42
VLAI?
Title
ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:41:22.607089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:42:40.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:30.657Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22272",
"datePublished": "2023-11-17T12:52:30.657Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2024-09-04T19:42:40.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22268 (GCVE-0-2023-22268)
Vulnerability from nvd – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:43
VLAI?
Title
ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T17:33:03.956190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:43:36.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:29.878Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22268",
"datePublished": "2023-11-17T12:52:29.878Z",
"dateReserved": "2022-12-19T17:47:20.526Z",
"dateUpdated": "2024-09-04T19:43:36.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30670 (GCVE-0-2022-30670)
Vulnerability from nvd – Published: 2022-06-16 16:56 – Updated: 2024-09-16 17:43
VLAI?
Title
Escalate Privileges to Server Admin - Robohelp Server
Summary
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization (CWE-285)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "\u003cRHS11U3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:56:25",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Escalate Privileges to Server Admin - Robohelp Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30670",
"STATE": "PUBLIC",
"TITLE": "Escalate Privileges to Server Admin - Robohelp Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RoboHelp",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "\u003cRHS11U3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30670",
"datePublished": "2022-06-16T16:56:25.980172Z",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-09-16T17:43:38.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42727 (GCVE-0-2021-42727)
Vulnerability from nvd – Published: 2021-11-22 15:37 – Updated: 2024-09-17 00:50
VLAI?
Title
Adobe Bridge Buffer Overflow Arbitrary code execution
Summary
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write (CWE-787)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bridge",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T16:37:11",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Bridge Buffer Overflow Arbitrary code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42727",
"STATE": "PUBLIC",
"TITLE": "Adobe Bridge Buffer Overflow Arbitrary code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-42727",
"datePublished": "2021-11-22T15:37:29.526083Z",
"dateReserved": "2021-10-19T00:00:00",
"dateUpdated": "2024-09-17T00:50:37.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28588 (GCVE-0-2021-28588)
Vulnerability from nvd – Published: 2021-06-28 14:13 – Updated: 2024-09-16 23:05
VLAI?
Title
Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability
Summary
Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | RoboHelp Server |
Affected:
unspecified , ≤ 2019.0.9
(custom)
Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RoboHelp Server",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2019.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T14:13:14",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-06-08T23:00:00.000Z",
"ID": "CVE-2021-28588",
"STATE": "PUBLIC",
"TITLE": "Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RoboHelp Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2019.0.9"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-28588",
"datePublished": "2021-06-28T14:13:14.965669Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:32.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2133 (GCVE-0-2011-2133)
Vulnerability from nvd – Published: 2011-08-11 22:00 – Updated: 2024-08-06 22:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:16.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA11-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "TA11-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-2133",
"datePublished": "2011-08-11T22:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:53:16.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0613 (GCVE-0-2011-0613)
Vulnerability from nvd – Published: 2011-05-16 17:00 – Updated: 2024-09-16 17:43
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-16T17:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-09.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-0613",
"datePublished": "2011-05-16T17:00:00Z",
"dateReserved": "2011-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:43:49.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2886 (GCVE-0-2010-2886)
Vulnerability from nvd – Published: 2010-10-26 18:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-26T18:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41870"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2886",
"datePublished": "2010-10-26T18:00:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2885 (GCVE-0-2010-2885)
Vulnerability from nvd – Published: 2010-10-26 18:00 – Updated: 2024-09-16 21:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-26T18:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41870"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2885",
"datePublished": "2010-10-26T18:00:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T21:08:13.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3068 (GCVE-0-2009-3068)
Vulnerability from nvd – Published: 2009-09-04 18:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36245"
},
{
"name": "http://www.intevydis.com/blog/?p=69",
"refsource": "MISC",
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36467"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-066",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"name": "http://www.intevydis.com/blog/?p=26",
"refsource": "MISC",
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"name": "http://twitter.com/elegerov/statuses/3737725344",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"name": "http://twitter.com/elegerov/statuses/3727947465",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"name": "http://twitter.com/elegerov/statuses/3737538715",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3068",
"datePublished": "2009-09-04T18:00:00",
"dateReserved": "2009-09-04T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0524 (GCVE-0-2009-0524)
Vulnerability from nvd – Published: 2009-02-26 16:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:03.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34048"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0524",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-10T00:00:00",
"dateUpdated": "2024-08-07T04:40:03.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0523 (GCVE-0-2009-0523)
Vulnerability from nvd – Published: 2009-02-26 16:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34048"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0523",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-10T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22275 (GCVE-0-2023-22275)
Vulnerability from cvelistv5 – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:40
VLAI?
Title
ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22275",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:39:28.849634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:40:50.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:31.426Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22275",
"datePublished": "2023-11-17T12:52:31.426Z",
"dateReserved": "2022-12-19T17:47:20.529Z",
"dateUpdated": "2024-09-04T19:40:50.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22272 (GCVE-0-2023-22272)
Vulnerability from cvelistv5 – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:42
VLAI?
Title
ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:41:22.607089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:42:40.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:30.657Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22272",
"datePublished": "2023-11-17T12:52:30.657Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2024-09-04T19:42:40.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22268 (GCVE-0-2023-22268)
Vulnerability from cvelistv5 – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:43
VLAI?
Title
ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
6.5 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-12T17:33:03.956190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:43:36.717Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "LOW",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) (CWE-89)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:29.878Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22268",
"datePublished": "2023-11-17T12:52:29.878Z",
"dateReserved": "2022-12-19T17:47:20.526Z",
"dateUpdated": "2024-09-04T19:43:36.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22274 (GCVE-0-2023-22274)
Vulnerability from cvelistv5 – Published: 2023-11-17 12:52 – Updated: 2024-09-04 19:46
VLAI?
Title
ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.5 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T19:44:58.945526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T19:46:28.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:29.111Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22274",
"datePublished": "2023-11-17T12:52:29.111Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2024-09-04T19:46:28.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22273 (GCVE-0-2023-22273)
Vulnerability from cvelistv5 – Published: 2023-11-17 12:52 – Updated: 2025-12-16 18:23
VLAI?
Title
ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
Summary
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:05.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:robohelp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "robohelp",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "rhs_11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-22T05:00:28.276506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:25.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "RHS 11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "NETWORK",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "HIGH",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "NONE",
"privilegesRequired": "HIGH",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-17T12:52:28.324Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-22273",
"datePublished": "2023-11-17T12:52:28.324Z",
"dateReserved": "2022-12-19T17:47:20.527Z",
"dateUpdated": "2025-12-16T18:23:25.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-30670 (GCVE-0-2022-30670)
Vulnerability from cvelistv5 – Published: 2022-06-16 16:56 – Updated: 2024-09-16 17:43
VLAI?
Title
Escalate Privileges to Server Admin - Robohelp Server
Summary
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization (CWE-285)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RoboHelp",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "\u003cRHS11U3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization (CWE-285)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T16:56:25",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Escalate Privileges to Server Admin - Robohelp Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2022-06-14T23:00:00.000Z",
"ID": "CVE-2022-30670",
"STATE": "PUBLIC",
"TITLE": "Escalate Privileges to Server Admin - Robohelp Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RoboHelp",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "\u003cRHS11U3"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/robohelp-server/apsb22-31.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-30670",
"datePublished": "2022-06-16T16:56:25.980172Z",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-09-16T17:43:38.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42727 (GCVE-0-2021-42727)
Vulnerability from cvelistv5 – Published: 2021-11-22 15:37 – Updated: 2024-09-17 00:50
VLAI?
Title
Adobe Bridge Buffer Overflow Arbitrary code execution
Summary
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write (CWE-787)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bridge",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-28T16:37:11",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Bridge Buffer Overflow Arbitrary code execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-10-26T23:00:00.000Z",
"ID": "CVE-2021-42727",
"STATE": "PUBLIC",
"TITLE": "Adobe Bridge Buffer Overflow Arbitrary code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bridge",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write (CWE-787)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-42727",
"datePublished": "2021-11-22T15:37:29.526083Z",
"dateReserved": "2021-10-19T00:00:00",
"dateUpdated": "2024-09-17T00:50:37.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28588 (GCVE-0-2021-28588)
Vulnerability from cvelistv5 – Published: 2021-06-28 14:13 – Updated: 2024-09-16 23:05
VLAI?
Title
Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability
Summary
Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Severity ?
8.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | RoboHelp Server |
Affected:
unspecified , ≤ 2019.0.9
(custom)
Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.958Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RoboHelp Server",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2019.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T14:13:14",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-06-08T23:00:00.000Z",
"ID": "CVE-2021-28588",
"STATE": "PUBLIC",
"TITLE": "Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RoboHelp Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2019.0.9"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-660/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-28588",
"datePublished": "2021-06-28T14:13:14.965669Z",
"dateReserved": "2021-03-16T00:00:00",
"dateUpdated": "2024-09-16T23:05:32.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2133 (GCVE-0-2011-2133)
Vulnerability from cvelistv5 – Published: 2011-08-11 22:00 – Updated: 2024-08-06 22:53
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:53:16.427Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA11-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-22T09:00:00",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "TA11-222A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-2133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-222A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-23.html"
},
{
"name": "8334",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-2133",
"datePublished": "2011-08-11T22:00:00",
"dateReserved": "2011-05-13T00:00:00",
"dateUpdated": "2024-08-06T22:53:16.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0613 (GCVE-0-2011-0613)
Vulnerability from cvelistv5 – Published: 2011-05-16 17:00 – Updated: 2024-09-16 17:43
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-16T17:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2011-0613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb11-09.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2011-0613",
"datePublished": "2011-05-16T17:00:00Z",
"dateReserved": "2011-01-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:43:49.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2886 (GCVE-0-2010-2886)
Vulnerability from cvelistv5 – Published: 2010-10-26 18:00 – Updated: 2024-09-17 01:51
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-26T18:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41870"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2886",
"datePublished": "2010-10-26T18:00:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2885 (GCVE-0-2010-2885)
Vulnerability from cvelistv5 – Published: 2010-10-26 18:00 – Updated: 2024-09-16 21:08
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-26T18:00:00Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"name": "ADV-2010-2718",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2010-2885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-2718",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2718"
},
{
"name": "41870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41870"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-23.html"
},
{
"name": "1024611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2010-2885",
"datePublished": "2010-10-26T18:00:00Z",
"dateReserved": "2010-07-27T00:00:00Z",
"dateUpdated": "2024-09-16T21:08:13.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3068 (GCVE-0-2009-3068)
Vulnerability from cvelistv5 – Published: 2009-09-04 18:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36245"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36467"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36245"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36467"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html",
"refsource": "MISC",
"url": "http://blogs.adobe.com/psirt/2009/09/potential_robohelp_server_8_is.html"
},
{
"name": "36245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36245"
},
{
"name": "http://www.intevydis.com/blog/?p=69",
"refsource": "MISC",
"url": "http://www.intevydis.com/blog/?p=69"
},
{
"name": "36467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36467"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-066",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-066"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-14.html"
},
{
"name": "http://www.intevydis.com/blog/?p=26",
"refsource": "MISC",
"url": "http://www.intevydis.com/blog/?p=26"
},
{
"name": "http://twitter.com/elegerov/statuses/3737725344",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3737725344"
},
{
"name": "http://twitter.com/elegerov/statuses/3727947465",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3727947465"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
},
{
"name": "20090923 ZDI-09-066: Adobe RoboHelp Server Arbitrary File Upload and Execute Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506687/100/0/threaded"
},
{
"name": "http://twitter.com/elegerov/statuses/3737538715",
"refsource": "MISC",
"url": "http://twitter.com/elegerov/statuses/3737538715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3068",
"datePublished": "2009-09-04T18:00:00",
"dateReserved": "2009-09-04T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0523 (GCVE-0-2009-0523)
Vulnerability from cvelistv5 – Published: 2009-02-26 16:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33887"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33887"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "34048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34048"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-errors-log-xss(48890)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48890"
},
{
"name": "33887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33887"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0523",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-10T00:00:00",
"dateUpdated": "2024-08-07T04:40:05.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0524 (GCVE-0-2009-0524)
Vulnerability from cvelistv5 – Published: 2009-02-26 16:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:03.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34032"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2009-0512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34032"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0512"
},
{
"name": "1021755",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021755"
},
{
"name": "33888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33888"
},
{
"name": "34048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34048"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-02.html"
},
{
"name": "robohelp-generated-files-xss(48889)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48889"
},
{
"name": "34032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34032"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0524",
"datePublished": "2009-02-26T16:00:00",
"dateReserved": "2009-02-10T00:00:00",
"dateUpdated": "2024-08-07T04:40:03.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}