Main Vulnerability Database SB2016121309

SB2016121309 - Cross-site scripting in Adobe RoboHelp

Published: December 13, 2016

Security Bulletin ID SB2016121309

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2016-7891)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by insufficient sanitization of user-supplied input. A remote attacker can create a specially crafted web page, trick the victim into visiting this page and execute arbitrary HTML and JavaScript code in victim’s browser in security context of vulnerable website.

Successful exploitation of the vulnerability may allow an attacker to perform phishing and drive-by-download attacks as well as steal victim’s cookies.

Remediation

Install update from vendor's website.

References

https://helpx.adobe.com/security/products/robohelp/apsb16-46.html