DOM Based Cross-Site Scripting issue in RoboHelp 10

Similar Messages

• Cross site scripting errors in RoboHelp 8.0

  We are using Robohelp 8.02, generating webhelp for a web application. Development just started to use Fortify to identify security vulnerabilities. The Fortify software found 17 Robohelp htm files with cross-site scripting security holes. We are NOT using RoboHelp Server 8.
  Before creating this posting, I searched the forums and found one post from Feb 2010 (Beware -serious - cross site scripting errors in Robohelp 8.0).
  From reading that posting, it appears that an Adobe engineer was involved----I'm not clear on the final outcome for this issue.
  Any additional information on the final resolve for this issue would be helpful.
  Thanks,
  Beware - serious breach - cross site scripting errors in RoboHelp 8.0

  The previous poster indicated that Tulika, who I can confirm is an Adobe engineer, stated "when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful." The poster also indicated their opinion was the other errors were minor.
  That seems clear enough so I wonder what value is anything that anyone here can add? The forum responses are from other users and I would have thought any further assurance beyond the above is something your management would want to come from Adobe.
  I have not seen anything on these forums indicating that any attack has been triggered.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• LiveCycle ES2, Guides, SSL and IE 8/9 Cross Site Scripting Issue

  I have a guide that is being served up in the workspace.
  This guide works fine in all of the different browser versions provided they go through port 8080.
  If however you enable SSL on your server (port 8443) and serve up the guide in the workspace, the end user can fill the entire form out only to have the browser identify the submit process as a Cross Site Scripting issue.
  This is the result:
  The data is essentially lost and guide disappears.  I had a theory that maybe the submit process might be using the default server port for data submissions (8080) and created a customized submit process with the hardcoded targetURL.
  I tried to test my theory and got the same result.  I then modified my custom submit process to essentially do nothing (Started and ended the process with an abstract activity), and got the same result.
  The only other thing that I could think of, is that the automatically generated action script classes might be hard coded to use default port instead of the SSL port.
  Suggestions?!

  Hi
  You can rise SR for your issue for 5000+ user or you can also can connect wiht your system engineer team for can possible solution as setup IE and deploy it to 5000+ user pcs
  For your other question see below note:
  Recommended Browsers for Oracle E-Business Suite 11i [ID 285218.1]
  Regard
  Helios

• Cross-site scripting vulnerability RoboHelp 10 version

  Has the cross-site scripting vulnerability been addressed in the RoboHelp 10 version

  To the best of my knowledge it was addressed in Rh9. Rh10 has an HTML5 output option that does not use frames.
  However, if security is a concern, then only a security expert can give you the assurance you require.
  Personally I have yet to hear of webhelp being used maliciously but that does not mean it hasn't happened.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Due to the presence of characters known to be used in Cross Site Scripting

  I am getting following error when I try to send single quote as part of URL. I tried javascript escape to encode the URL. But still getting same error. Does anybody know workaround for the issue. Thanks
  Due to the presence of characters known to be used in Cross Site Scripting attacks, access is forbidden. This web site does not allow Urls which might include embedded HTML tags.
  403: Access Forbidden
  Your client is not allowed to access the requested object

  FYI. We are using IIS Webserver and Weblogic Appserver.
  When the page is accessed through Weblogic , cross site script does not occur. It happens when the page is rendered via IIS.

• HTLM Tag Injection - Cross Site Scripting

  Hello,
  I have a basic app with JSP pages and Servelts running on Tomcat. I been told my application in vulnerable to tag injection that could be used to cross site scripting & phishing attacks. What is the best way to prevent these kind of attacks? Is there something in java or do I need to add code? Does Tomcat have anything built in to prevent this?
  Thank you!

  If you don't display content from users then you're unlikely to have issues. If you do (even usernames) then you have to clean the input. That's non-trivial and there's no way to automate it for all cases so there's nothing built in to do it.

• Webhelp vulnerable during XSS cross site scripting audit. Reason - document.location.href

  Online help created by team is going through a security vulnerability check now. It has been found that after integration of webhelp with the application,document.location.href  is a vulnerable point as per XSS cross site scripting. Please your thoughts and any methods you have that can contain this situation. Its urgent, please help.

  This thread is now locked. See the duplicate post.
  See www.grainge.org for RoboHelp and Authoring tips
  @petergrainge

• Cross site script

  Hi,
  I talked about with my team.I heard about the cross site script or XSS in web based applications.We are using oracle EBS suite.Is it occured in EBS?
  If it's, how to prevent them?

  Hi,
  I do not think it can be found in Oracle Apps 11i/R12 -- Please log a SR to confirm this with Oracle support.
  You may also review these documents and see if it helps.
  Note: 403537.1 - Best Practices for Securing Oracle E-Business Suite Release 12
  Note: 189367.1 - Best Practices for Securing the E-Business Suite Release 11i
  Regards,
  Hussein

• Cross-site Scripting Vulnerability OAS-10g/10.1.2.0.0 OHS

  Has anyone confronted the Cross-site scripting Vulnerability with 10g and OHS 10.1.2?
  We are about to put our first APEX box into production, but we need to fix this vulnerability first.
  I did some searching around but failed to come up with anything useful. It could be my searching sucked, too.
  Any thoughts / help / ideas would be greatly appreciated.
  Thanks.

  Hi,
  Do you get this error when you try to run forms configured using OAS 10g 10.2.0.2.
  We run a Web application using OAS 10g 10.2.0.2 and after leaving the application idle, more than half an hour, ora-12152 is displayed and the application is in a deadlock.
  Can you please suggest any solution for the same.
  Should the SQLNET.AUTHENTICATION_SERVICES= (NTS) be commented in sqlnet.ora file.
  Sridharrs

• Download to excel on grid generates url with Cross Site Scripting Attack

  When we try to download to exell on a grid (8.50.18). The webserver comes back with an automaticly generated url. This url now contains the characters "%0d%0a" (CR/LF
  Our firewall/ proyserver detects this string in the url as a Cross Site Scripting Attack (XSS) and fails to shows the excell.
  This happens in all our environments (so not dependend on the domain name).
  Does anyone know a solution for this problem?

  it seems a known bug, starting from 8.50.14 and solved with 8.50.19 (also in 8.51xx)
  Unfortunately we are on 8.50.18. Its now a bad timing to update our environment.
  It seems that psppr.dll is doing the job but replacing ours with the 8.50.19 one leaves our domains unstartable.
  I guess we have to ask our network techies to make a exception rule in our internal network/ firewall to allow it.......
  Detlev

• MS IE toStaticHTML String Parsing Cross-Site Scripting Vulnerability alarms

  Hi,
  I was wondering if someone else has noted an increase in false positives concerning the following 2 events:
  - Microsoft Internet Explorer toStaticHTML String Parsing Cross-Site Scripting  Vulnerability
  - Microsoft Office Excel Ghost Record Parsing Arbitrary Code Execution Vulnerability
  Obvisouly I see these events because the signature has been introduced recently!!!
  But I wonder if these alarms I'm getting are genuine (and I have a big problem), or if the signature needs to be 'tuned' by Cisco to be a bit less sensitive?
  Anyone has experienced something similar or can shed a light?
  Thanks,
  seb.

  Hello Seb,
  Since I don't have the entire transmission, I can't tell what exactly is commented out in regard to the tags, but the data appears to look something like below.
  e){  
    //v3.0..   
    eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
    if (restore) selObj.selectedIndex=0;
  //-->
  @td  
  img{display: block;}
  @import url("p7tp/p7tp_01.css
  With 30419 being related to CVE-2010-3324, I assume the signature is firing due to some match variation of the fact that @import and the tags are showing up in a response from your web server. The toStaticHTML method should remove tags, but the vulnerability is causing that mechanism to fail.
  The oBot User-Agent caught my eye. Google returns several pages to the effect of oBot being a:
  "German spider from Cobion, now part of Internet Security Systems. Scans the web for their clients looking for copyright infringement."
  I'm not sure what benefit this search bot would receive from injecting Javascript into the response.
  I'll forward the capture data to our sig team to confirm whether this should be a legitimate match.
  Thank you,
  Blayne Dreier
  Cisco TAC Escalation Team
  **Please check out our Podcasts**
  TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
  TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series

• Business Objects Infoview 'cms' Cross-Site Scripting Vulnerability

  I was recently notified that we are vulnerable to cross-site scripting. We are using Crystal Enterprise XI R2. I read that we need fix  pack 3.5, however i dont know where to find it within SAP. I thought that Service Pack 3 would help but it doesn't appear available to download. Has anyone else talked this vulnerability?
  Edited by: Wade Hinkle on Jul 18, 2008 6:53 PM
  Edited by: Wade Hinkle on Jul 18, 2008 6:53 PM

  Hi experts,
  i checked the permissions at the PCD and everything should be fine.
  But what i found out at the moment is that the Business Objects Application does try to change the Browser height and width...for some reasons i don't know.
  Well and the portal does not allow this action at the portal browser / content area.
  1) The error messages are window.setIframeHeigth :
  while (childFrame != parentWin && parentWin.setIframeHeight && parentWin.supportResizeFrameToContent) {
          var x = parentWin.document.body.scrollLeft;
          var y = parentWin.document.body.scrollTop;
          parentWin.setIframeHeight(childFrame.name);
          parentWin.scrollTo(x,y);
          childFrame = parentWin;
          parentWin = childFrame.parent;
  2) the other message is Window.document
  function findElementById(Id) {
       var mywin = window;
       while (mywin != mywin.parent && mywin.parent && mywin.parent.document) {
            mywin = mywin.parent;
  The only way it works now, is when i chosse the option "display at own window" the application is started and can be accessed.
  Well, but unfortunal this is not the integration layer i am looking for.. i would like to "integrated" the web application at the portal content area.
  Has anybody some other ideas?
  Thanks in advantage and beste regards
  Stefan

• Which hotfix corrects cross-site scripting vulnerability?

  Our security-auditing scanning service is failing to certify
  our ColdFusion 7.02 servers, saying that there's a cross-site
  scripting vulnerability, even though we've installed the most
  recent hotfixes relating to cross-site scripting.
  The specific vulnerabilities we're being told exist are
  described here:
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0817
  and
  http://www.securityfocus.com/archive/1/459178/30/0/threaded
  Exactly what hotfixes or patches are needed to correct this?
  Or is this known to be a false positive in these tests?
  Thanks.

  I think is time for you to upgrade to ColdFusion 8, it has a
  new variable in the cfapplication tag that will activate cross
  scripting attack protection.
  Dario

• Cross-site scripting vulnerability

  HI!
  Has any one done this yet? Embedding a flash video object in
  Dreamweaver or
  Contribute using the Insert Flash Video command might create
  a cross-site
  scripting vulnerability. A potential cross-site scripting
  vulnerability has
  been identified within the FLVPlayer_Progressive.swf file.
  The fix on Adobe
  web site is not clear, the article I read about it says
  Dreamweaver 8 and
  CS3 are affected but the adobe page only refers to CS3. I was
  wondering if
  the files for the download they provide will work in 8.02 as
  well? This is
  the link to the Adobe webpage.
  http://kb.adobe.com/selfservice/viewContent.do?externalId=kb402925&sliceId=1
  Thanks.
  Dave

  I use CS3 and have done the update. The advice in the article
  on the page you're referring to is totally messed up.
  Do the renamed ... .old files need to be deleted from the
  \Program Files\Adobe\Adobe Dreamweaver
  CS3\configuration\Templates\Video_Player and the \Program
  Files\Adobe\Adobe Contribute
  CS3\Configuration\Templates\Video_Player folders or not? The
  article says nothing about this.
  The described update process for existing sites is absolutely
  unclear. Open the page in Dw, Preview In Browser, and Save? What
  change would that make? More importantly, is it enough to update
  the FLVPlayer_Progressive.swf and/or the FLVPlayer_Streaming.swf on
  existing sites or not?
  The updated files have a creation date of January 9, 2008
  while the article suggests that these files should have a creation
  date of January 15, 2008.
  The link is broken in the "Additional Information" section.
  That page seriously needs some supervision imho.

• New sig 5757 - Outlook cross-site scripting - lots of FPs

  Receiving lots of apparent FPs for 5757. I don't see any nulls (encoded or otherwise) in the payload, and it's flagging a chunk of an SMTP conversation.
  Example logged payload included.

  It seems that perhaps a particular piece of SPAM or virus generated email is triggering these alarms? I'm seeing LOTS of sources, but the content is similar:
  evIdsAlert: eventId=1135862749444282610 vendor=Cisco severity=medium
  originator:
  hostId: 01-evlan-c1
  appName: sensorApp
  appInstanceId: 16749
  time: June 14, 2006 7:56:31 PM UTC offset=-300 timeZone=GMT-06:00
  signature: description=Microsoft Exchange Server Cross-Site Scripting id=5757 version=S232
  subsigId: 0
  sigDetails: Microsoft Exchange Server Cross-Site Scripting
  interfaceGroup:
  vlan: 0
  participants:
  attacker:
  addr: 82.125.81.103 locality=ANY
  port: 4628
  target:
  addr: 206.195.196.20 locality=GREEN_HOSTING
  port: 25
  context:
  fromTarget:
  fromAttacker:
  000000 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F ________________
  000010 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 3C _______________<
  000020 42 52 3E 54 6F 20 63 68 61 6E 67 65 20 79 6F 75 BR>To change you
  000030 72 20 3D 0D 0A 6D 61 69 6C 3D 32 30 0D 0A 20 20 r =..mail=20..
  000040 20 20 20 20 70 72 65 66 65 72 65 6E 63 65 73 2C preferences,
  000050 20 67 6F 20 3C 41 20 3D 0D 0A 68 72 65 66 3D 33 go 000060 44 22 68 74 74 70 3A 2F 2F 31 32 31 2E 69 2D 61 D"http://121.i-a
  000070 6D 2D 68 61 70 70 79 2E 6E 65 74 2F 72 6D 2F 22 m-happy.net/rm/"
  000080 3E 68 65 72 65 3C 2F 41 3E 0D 0A 20 20 20 20 20 >here..
  000090 20 3C 50 3E 3C 2F 50 3E 3C 2F 54 44 3E 3C 2F 54
  0000A0 52 3E 3C 2F 54 42 4F 44 59 3E 3C 2F 54 41 42 4C R>
  0000B0 45 3E 3C 2F 43 45 4E 54 45 52 3E 3C 2F 42 4F 44 E>
  0000C0 59 3E 3C 2F 48 54 4D 4C 3E 0D 0A 0D 0A 0D 0A 2D Y>......-
  0000D0 2D 2D 2D 2D 2D 3D 5F 4E 65 78 74 50 61 72 74 5F -----=_NextPart_
  0000E0 30 30 30 5F 30 30 30 30 5F 39 36 32 46 34 39 31 000_0000_962F491
  0000F0 35 2E 39 35 31 41 34 39 33 35 2D 2D 0D 0A 0D 0A 5.951A4935--....
  riskRatingValue: 30
  interface: ge0_0
  protocol: tcp