XSS vulnerabilities in RoboHelp 10.0.0.287

I've searched on XSS vulnerabilities but did not find anything about "document.write(strHtml)". Can anyone tell me if this is due to usage of frames or another reason? ---thanks

Jeff, thank you for the quick reply. I had already applied the 10.0.1 update and the security bulletin below that. I don't find an upgrade to 10.0.1.292. The last link below has some additional links. Do you know if the suggested upgrade is one of those (or should I just apply all of them?)?
These have been applied
The Adobe® RoboHelp® 10.0.1 update fixes critical bugs that were found in Adobe RoboHelp 10 software.
http://www.adobe.com/support/robohelp/downloads.html
XSS vulnerability fix
http://www.adobe.com/support/security/bulletins/apsb13-24.html
Additional Updates Found Here (but not specifically stated for 10.0.1.292)
http://wvanweelden.eu/articles/robohelp-patches-and-updates

Similar Messages

  • Word doc generated from RoboHelp 10 uses "Article" and "Section" as Prefixes in the TOC

    I am generating a printed document, specifically a Word document from a RoboHelp 10 project. When I select Use Styles from Microsoft Word Template in the Print documentation Appearance dialog box, the TOC1 heading in the Word document is prefixed with "Article", the TOC 2 heading is prefixed with "Section", and TOC 3 is alpha numbered like this:
    Table of Contents
    Article I.          The Protocol Probe 1
    Section 1.01     Welcome. 2
    (a)         About this Guide. 2
    Section 1.02     Product Overview.. 3
    (a)         Contacting Us. 3
    Article II.      Install and Configure the Probe 3
    Section 2.01     How to Install the Probe. 6
    Section 2.02     Overview.. 7
    Section 2.03     Server Installation. 8
    (a)         Warnings and Cautions. 8
    (b)         Warning: Adherence to Safety and Assembly Instructions. 8
    This occurs whatever Word template I specify in RoboHelp. It does not occur if I select the Use Styles From Stylesheet checkbox. It also occurs if I generate a PDF.
    When I update TOC in Word the correct numbering and styles I have specified are applied. However, I don’t want to have to do this every time I generate a Word document.
    I have tried the following, all with the same result:
    Specifying different Word templates in Robohelp
    Creating a blank template in Word with minimum styles and specifying this template in RoboHelp
    Recreating the TOC styles in Word
    Re-installing the style mapping template in Robohelp
    Looking thru the default mapping and other RoboHelp templates and CSS to see what might be causing the odd numbering.
    I have just installed RoboHelp 10 (no previous version of RoboHelp on system) and have never encountered this problem with any version of RoboHelp before.
    I cannot determine if it is Word or RoboHelp, or a combination of both, that is causing the problem.
    I know that the prefixes that are generated in the Word TOC are defined by List Templates in Word; however there is no real way to edit these in Word as far as I can tell. As far as I can see, the TOC styles in the Word template do not have any specific numbering specified.
    Has anyone encountered this problem before and found a solution? Or does anyone know how RoboHelp specifies the styles for TOC's for Word documents?
    I am using Windows XP SP3, Word 2007 and RoboHelp 10.0.0.287.
    Thanks in advance.

    RoboHelp will be using the template you selected as per your first post in the thread.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • Importing ditamap into RoboHelp fails

    I am trying to import a ditamap (created in FrameMaker) into RoboHelp. I am able to create Web output using command line DITA-OT, which is what RH uses in the background. But when I try in RH, I get the following error:
    Error occurred while importing C:\......\a.ditamap. See Output View for details.
    The Output View says:
    Processing with DITA Open Toolkit failed. No Logs found.
    Check DITA Open Toolkit is installed and working.
    Well, as I said, DITA Open Toolkit is indeed installed and working for the exact ditamap that fails in RH. Even more puzzling is the fact that my colleague, who we believe has the same setup as I do, is able to import the ditamap.
    We are both using RoboHelp 10.0.0.287, which I believe is the latest update available. Please correct me if I'm wrong! Our machines are Windows 7 and we have FrameMaker 11 (not that it should matter). DITA-OT is 1.6.3.
    I found some talk about this problem from an old post (here), in which someone stated that Adobe is working on this. Any ideas whether that is still the case, or if I can try anything else?
    Thanks,
    Heather

    Thank you for your reply, RoboColum(n). It turns out that the solution was to use DITA-OT 1.5 rather than 1.6.3. I was mistaken when I said above that my colleague and I had the same setup. He has been running the OT 1.5 for quite some time and since I recently installed it, I went for the newer version.
    We can use version 1.5 for what we need, but it is rather strange that version 1.6 does not work to import ditamaps in RoboHelp. The information I found states that version 1.6 improves performance, provides clearer error messages and has undergone significant code cleanup.
    I would be interested to know if Adobe will be keeping up with future versions of the DITA Open Toolkit. There are plans to incorporate the creation of context-sensitive webhelp in a future version, which would be really helpful for us.
    Thanks again,
    Heather

  • RoboHelp 10 WebHelp search feature not working?

    Hi all,
    I am using the Adobe Technical Communication Suite 4 and cannot get RoboHelp 10 to generate a WebHelp product with search capabilities.
    I have created a RoboHelp 10 WebHelp project and imported FrameMaker 11 files.
    Everything seems okay, but when I search in Internet Explorer 10, nothing happens.  I can even be on the same page as a term and enter the term in the box, but then nothing happens. I also tried:  Opera, Firefox, Chrome and Safari browsers and still no results in the WebHelp search results.
    Actually, I get one word by default and that word is:  "null".
    Any idea on what is causing this?  I have a deliverable due soon, and I need to get this search capability working.
    Thanks in advance for your suggestions.
    I am using the latest patch too - RoboHelp 10.0.0.287
    Regards,
    Jim

    Hi Jeff,
    Thanks for the reply.  I am not sure if it is Java, although I did download Java to make sure I had the latest update.  I am running on a Windows 7 64 Bit Dell Laptop with Adobe TCS 4.
    I just saw a different post - but related to this post on the topic and I think it has to do something with the XML files that are created during the normal generation process.
    I have a feeling that there is something wrong with my XML files and the reason I say that is because I can generate one of the sample RoboHelp projects to WebHelp and then use IE 10 to search and the results come up right away, but when I do a WebHelp generate on my project the search does not work.
    Here is that related thread:
    http://forums.adobe.com/thread/798369
    Search Error: Failed to initialize database
    Mar 1, 2011 12:33 PM
    That thread dealt with RoboHelp 8 and I am using RoboHelp 10, but I think the problem is probably the same.
    My questions are as follows:
    I have a customer deliverable on Monday with several hundred files and a search mechanism that does not work at all.  Can I copy the search mechanism from the sample project and then put it into my project?
    Are the XML files generic or specific to each project?
    How many XML, Javascript and other RoboHelp type files are used to make the search functionality work?  I was thinking of populating one of those sample files, that has already been started with my files to see if that would get things going in the right direction - with the idea of removing all the sample files from that project and replacing them with my files, but, I have over 400 files, including references to foldout drawings and vendor manuals (baggage files) and it would probably take too much time to make that happen.
    With that said, if you or anyone else has ideas on how I could get this search engine working, I would really, really appreciate it.
    My current file structure is like this:
    Main Project Folder
        !ScreenLayout
        My Project File1
        My Project File2
        My Project File3
        resource
        whdata
        whgdata
        whxdata
        Frnt_Cov.htm
        Frnt_Cov_csh.htm
        Frnt_Cov_rhc.htm
        All RoboHelp graphics, javascripts and .htm files
    There do NOT seem to be these folders that are in the sample:
    !Language!
    !SkinSubFolder!
    !SSL!
    The !ScreenLayout! folder is the only one present.  Does this have anything to do with only having MultiScreen HTML5 and WebHelp (Primary Layout) for my project settings?
    Again the most notable difference I see, is between the folders NOT included in my project (!Language!, !SkinSubFolder! and !SSL!).  I am not sure why these folders are not included in WebHelp.
    Thanks for taking the time to read this, as well as for any suggestions that can be offered.  I really need to get the search feature working by tomorrow.
    Regards,
    Jim

  • Trying to understand an application.cfm attack

    I have a site that I've been running without issue, for years now - I sniff and block for cross site scripting, sql injection, executable file uploads, and employ honeypot fields on forms... 
    This past week I wanted to watch some slow page loads for performance, noting their time to execute.  I chose to use an application.cfm and an onrequestend.cfm to set a timestamp and to place it on the end of my pages.  Prior to this, I have not utilized an application.cfm.  I'm pragmatic and look upon the application.cfm as a catch-all to do things that I should be planning better for in my application.
    I soon found myself the recipient of a cross site scripting attack.  I realised easily that I opened myself wide to this because the application.cfm runs _before_ everything, including my sniffer code. Derrrr!
    I deleted the application.cfm and onrequestend.cfm and cleaned up my files having caught it same day and experiencing little damage.  The attack was only inserting javascript into my index pages via the application.cfm .  Rather ingenious and it was fun to find and consider.  Payday loan spam.
    I've been google'ing and reading on uploading vulnerabilities, but I can only find one instance where someone described their application.cfm file having been modified in similar fashion, the vector being a vulnerability in fckeditor - which I do not use. Nor do I use any other third party editor plugin.
    An article I found mentions vulnerable files in legacy CFDOCS folder that allow access and uploads.  I have a fresh install of CF9 so this did not exist.  There was a cfx folder tree with some "example" code folders.  I've zipped and deleted these.
    I have changed ftp to use a non-standard port.  Something that I used to do, but failed to re-instate when I moved to a different host.  I have a ticket submitted to get help in blocking CFIDE path requests to the outside world (so that it will only be accessible locally via RDP).
    If someone/something could modify the application.cfm file, why look for just it, unless it was just a lazy scripted attack looking for application.cfm files specifically.  And while I did not have one before, why did someone not just upload their own?
    How and why was my application.cfm changed, and why not the index.cfm files directly if they had some other avenue of access?
    My question is this - can the application.cfm be tricked into modifying itself?
    Thanks in advance!

    Sorry about that - a misunderstanding. When you said you "deleted the application.cfm and onrequestend.cfm and cleaned up my files...", I took that to mean you only deleted the code. I assumed the files to still be on the file system. For, to run a ColdFusion application of any substance, you do need an Application file.
    aotgnat wrote:
    The attack was only inserting javascript into my index pages via the application.cfm .
    Not necessarily via the application file. What the attacker may very likely have exploited is a ColdFusion Cross Site Scripting (XSS) vulnerability. This link shows you that a cfform, user-agent HTTP header, etc. may be used in an XSS attack. (See the XSS vulnerabilities relevant to CF9, which include CVE-2009-3467, CVE-2010-1293, CVE-2011-0583, CVE-2011-0733, CVE-2011-0734, CVE-2011-0735, CVE-2011-2463, CVE-2011-4368).

  • How to deal with SP Apps when the SP farm is in a different AD domain?

    I have a situation here where we have two AD domains, production and test.  My laptop (that I do most of my work on) is on our production (MYCOMPANY) domain, and my SP2013 farm is in the test (TESTMC) domain. The DNS is set up as mycompany.com and test.mycompany.com.
     I have a personal account in the production domain, a personal account in the test domain, and I have set up a generic SP Admin account in the test domain. (My personal account is also a farm admin and site collection admin.)
    I think I have set up the app infrastructure correctly (app domain in DNS is "spapp.test.mycompany.com", etc.), and apps seem to work, but I was running into the issue of the app config page and app parts prompting for credentials when they load on a page. So I followed the advice I found online and added the app domain to my local Intranet sites in IE internet settings.
    Now what's happening is that the app parts and app configuration pages say
    "Sorry, this site hasn't been shared with you."
    I'm logging in to my laptop with my production domain credentials, but when I go to the SP site I'm logging in with my test domain credentials. If I take the app domain out of my Intranet sites, and force the second credential check, and use the test domain credentials, everything seems to work. So I'm guessing that what's happening is that with the app domain included in the Intranet sites, my production domain credentials are getting passed on to the app.
    Am I right in my assumption? What's a good way to deal with this? I've had previous experiences that led me to believe SP would use the credentials you logged in to the site with (in this case, my test domain account), which are associated with the browser session, and not default to the credentials you are logged in to the machine with.
    In addition, it seems like anything opening from the app domain gets stripped of all the SharePoint bits. Here's a screen shot of an app configuration page in a working environment:
    And here's a screen shot of the same app configuration page in my environment:
    Does anyone have any idea what's going on here?  Where should I be looking to fix this?
    Dylan Cristy | MCTS SharePoint 2010 Application Development
    Blog: morefunthanapokeintheeye.blogspot.com

    Note that it is not recommended to place the SharePoint Apps DNS zone in the Intranet Zone of IE, as SharePoint Apps (from 3rd parties, at least) should be potentially dangerous as they may contain XSS vulnerabilities.
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Script in Process Success Message. No go in chrome(ium)

    Not sure if this is considered a bug or not, or if the handling of branches with process success message has changed, but it doesn't seem to work anymore with a standard branch to page on chrome.
    It is reporting:
    Refused to execute a JavaScript script. Source code of script found within request
    I have used this in the past and it used to work. (talking 3.2, but either apex/chrome/both has changed since then)
    Anyway, researching the error leads me to this blog from chromium: http://blog.chromium.org/2010/01/security-in-depth-new-security-features.html
    We've been hard at work adding proactive security features to Google Chrome, and we're particularly excited about five new security features that make it easier for developers to build secure web sites.
    I think this relates to:
    *Reflective XSS Protection*
    One of the most difficult parts of building a secure web site is protecting against cross-site scripting (XSS) vulnerabilities. In Google Chrome 4, we've added an experimental feature to help mitigate one form of XSS, reflective XSS. The XSS filter checks whether a script that's about to run on a web page is also present in the request that fetched that web page. If the script is present in the request, that's a strong indication that the web server might have been tricked into reflecting the script.
    The XSS filter is similar to those found in Internet Explorer 8 and NoScript. Instead of being layered on top of the browser like those filters, our XSS filter is integrated into WebKit, which Google Chrome uses to render webpages. Integrating the XSS filter into the rendering engine has two benefits: (1) the filter can catch scripts right before they are executed, making it easier to detect some tricky attack variations, and (2) the filter can be used by every WebKit-based browser, including Safari and Epiphany.
    We are aware of a few ways to bypass the filter, but, on balance, we think that the filter is providing enough benefit to enable it by default in this release. If you discover a new way to bypass the filter, please let us know. We're very interested in improving the filter in subsequent releases. We're grateful to the security researchers who have helped us with the filter thus far (especially Eduardo "Sirdarckcat" Vela), and we welcome even more participation.
    Looking at one of the sample database applications, I notice if I insert a script into the success message of the customers DML page, it works without issue. Upon further inspection, I see there is a new branch type - based on application item; and this doesn't post the success message in the URL which is likely why it is working.
    I can see this security measure is good to prevent XSS, but perhaps there is some other good way to handle allowing a script to be in the success message in a standard branch (it seems like a slight pain to force creating a page item to store the branch page)

    OK.. so I've just learned when creating a branch, if you change from the default 'Page or URL' to 'Page' there is one setting to branch using redirect. If you unselect this, the success message also is not passed in the URL, causing no issue.

  • Hacking Session Variables??

    I have a php MySQL CRM site with plenty of sensitive information..
    To protect this, I have a session based login system.
    Login page - checks password and assigns Username, UserGroup and Workgroup to session variables.
    Restricted pages - checks usergroup access level and workgroup id.
    I have heard that, if a hacker re-writes the cookie (didn't know sessions created a cookie) he can fool the server into thinking that he is using someone else's session and could therefore view, edit and delete those records normally protected.
    I know that Session data cannot be viewed or amended but this could pose a huge security issue.
    It has also been suggested that the user has to re-enter his password on each page but this is both unusual and would be a real pain for the user.
    Is there a simple way round this?

    .oO(RichardODreamweaver)
    > I have a php MySQL CRM site with plenty of sensitive information..
    >
    > To protect this, I have a session based login system.
    >
    > Login page - checks password and assigns Username, UserGroup and Workgroup to session variables.
    >
    > Restricted pages - checks usergroup access level and workgroup id.
    >
    > I have heard that, if a hacker re-writes the cookie (didn't know sessions created a cookie)
    The session ID can also be appended to the URLs, but using a cookie is the preferred and considered the more secure way.
    > he can fool the server into thinking that he is using someone else's session and could therefore view, edit and delete those records normally protected.
    Just some keywords for further reading:
    Hijacking a session by stealing the cookie usually requires an XSS attack (cross-site scripting). Try Wikipedia or Google for details and how to prevent that problem. This should be the first task, because XSS vulnerabilities are quite common and often the basis for many other kinds of attacks, including the following.
    Another not so known attack is called session fixation. The following paper goes quite into detail about it:
    http://www.acros.si/papers/session_fixation.pdf
    > I know that Session data cannot be viewed or amended but this could pose a huge security issue.
    >
    > It has also been suggested that the user has to re-enter his password on each page but this is both unusual and would be a real pain for the user.
    Agreed. The user would never come back. But it's quite common in bigger systems that the user has to re-enter the password before performing a critical action, for example before placing an order in a web shop or when changing his personal data.
    > Is there a simple way round this?
    Security is never simple. It just depends on how much security is needed.
    Micha
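
The three defences named in the reply above (keeping the cookie away from scripts, issuing a fresh session ID at login so a planted one is useless, and asking for the password again before a critical action) are modelled below. This is an added example, not code from the thread; it uses an in-memory JavaScript store rather than PHP sessions, and every class, function and field name in it is hypothetical. In PHP the ID change at login corresponds to `session_regenerate_id(true)`.

```javascript
// Added example, not code from the thread. All names are hypothetical.
// Random source: global Web Crypto where present, Node's module otherwise.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

function newSessionId() {
  const bytes = new Uint8Array(32); // 256 bits, not guessable
  webcrypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

class SessionStore {
  constructor(reauthWindowMs) {
    this.sessions = new Map();
    this.reauthWindowMs = reauthWindowMs;
  }

  // Called on every request with the cookie value. An ID the server never
  // issued is not adopted; the client gets a fresh anonymous session instead.
  open(presentedId) {
    if (typeof presentedId === 'string' && this.sessions.has(presentedId)) {
      return presentedId;
    }
    const id = newSessionId();
    this.sessions.set(id, { user: null, userGroup: null, workgroup: null, passwordCheckedAt: null });
    return id;
  }

  // Fixation defence: the pre-login ID is destroyed and a new one issued,
  // so an ID an attacker planted before login never becomes authenticated.
  login(preLoginId, user, userGroup, workgroup, now) {
    this.sessions.delete(preLoginId);
    const id = newSessionId();
    this.sessions.set(id, { user, userGroup, workgroup, passwordCheckedAt: now });
    return id;
  }

  lookup(id) {
    return this.sessions.get(id) || null;
  }

  // Record a successful password re-entry (the password check itself is out of scope).
  passwordReentered(id, now) {
    const s = this.lookup(id);
    if (!s || !s.user) return false;
    s.passwordCheckedAt = now;
    return true;
  }

  // Critical actions (delete a record, change personal data) need a recent password check.
  mayPerformCritical(id, now) {
    const s = this.lookup(id);
    return Boolean(s && s.user && now - s.passwordCheckedAt <= this.reauthWindowMs);
  }
}

// HttpOnly keeps the ID out of reach of injected script; Secure keeps it off plain HTTP.
function sessionCookieHeader(id) {
  return 'Set-Cookie: sid=' + id + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Constructed walk-through of a fixation attempt against this store.
function fixationWalkthrough() {
  const store = new SessionStore(5 * 60 * 1000);
  const planted = store.open(undefined); // attacker obtains a valid anonymous ID
  const victimId = store.login(store.open(planted), 'alice', 'sales', 'wg-7', 1000);
  return {
    plantedStillValid: store.lookup(planted) !== null,
    victimLoggedIn: store.lookup(victimId).user === 'alice',
    idChanged: victimId !== planted,
  };
}
```
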

  • Security scans of applications

    We are using FormsCentral for an application for a New York State program.  The state would like to run security scans on the form.  Who can we speak to to give the list of scans that they would like to run?

    New York State IT would like to run the following actions on a form that we want to open for people to fill out for a New York State program.
    They will be using a web vulnerability scanner:
    -Transport Support (Http,https)
    -XSS Vulnerabilities
    -4 Concurrent Connections
    -proper behavior of cookies
      They say this is very basic scanning.  They will not be trying to overload the system with a crawl or attack.

  • WebHelp Search Displays Selected Topics Without Acknowledging LF

    I have a text document using UNIX style line breaks that I run through a parser to create multiple help topics.
    These topics display normally (see attached image) when called directly, rather than through WebHelp and when selected from the Contents or Index tabs. 
    However, when selected through the search tabs, the LF character seems to be ignored. 
    Has anyone else seen this?  This feels like a bug.

    RoboHelp 10.0.0.287.  Sorry, that would have been useful to mention.
    I also wanted to add that it seems like the <pre> tag is being ignored.
    in our usage it is <PRE><SPAN> some text
    some text
    some text
    </SPAN></PRE>
    That should be preserved in the display, but for some reason isn't being preserved.
    -m

  • An idea for rewriting AUR web-interface

    Hi
    I just checkout the aur.git, and i guess it's better to rewrite it in other technologies for better maintaining/features/bug-fixing and implementing other enhancement.
    For example nowadays web-applications shoulda be totally safe against XSS/CSRF, but couple of days ago aur experienced some XSS vulnerabilities, and so on..
    I'm not talking about the code or code styling or something no, those are fine. But something like php without any framework help, is totally disaster. also i'm not talking about using php-framework either
    If any plan is on, i really like to know about it.
    So what do you think ?
    Last edited by Alir3z4 (2012-02-23 21:23:30)

    Alir3z4 wrote:
    Hi
    I just checkout the aur.git, and i guess it's better to rewrite it in other technologies for better maintaining/features/bug-fixing and implementing other enhancement.
    For example nowadays web-applications shoulda be totally safe against XSS/CSRF, but couple of days ago aur experienced some XSS vulnerabilities, and so on..
    I'm not talking about the code or code styling or something no, those are fine. But something like php without any framework help, is totally disaster. also i'm not talking about using php-framework either
    If any plan is on, i really like to know about it.
    So what do you think ?
    "Should" be safe and "are" safe are extremely different. Tools like burpsuite and skipfish exist simply because csrf and xss vulnerabilities will always sneak in regardless of the framework you use. I suspect that you would be surprised at how many sites out there have numerous vulnerabilities. In particular, I'll point out that despite things like PCI compliance, banks are notorious for being years behind in terms of security.
    Regardless, rewriting the aur comes up pretty often. Sadly, I can't liken it to duke nukem forever anymore, but hopefully you get the point. I encourage you to prove me wrong...

  • Upgrading patch level in ITS

    Hi Friends,
    I need to upgrade patch level from 28 to 33 as recommended by SAP, so how to upgrade the patch and what needs to be taken care of?
    We need to apply it because we are facing some XSS VULNERABILITIES.
    So kindly let me know what needs to be done (procedure)
    Thanks in advance for the help,
    Thanks & Regards,
    Raj

    Hi,
    Please refer to ITS installation guide for patch installation process. Please note that these steps are for ITS 620.
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b040d0f8-a9e9-2a10-5a9c-a25098f7e096
    With Regards,
    Saurabh

  • RoboHelp HTML Version 9 - what is the version for ehlpdhtm.js?

    We have been running pen tests looking for vulnerabilities on applications my company has created in order to be PCI certified. I built webhelp systems for these applications using RoboHTML v9.
    The pen test has indicated that ehlpdhtm.js is suspect with the following message:
    WebInspect detected the use of an ActiveX object. This could indicate a vulnerability is present if a vulnerable public version of the Microsoft Active Template was utilized. There are three vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. Applications and components created with these versions of ATL are vulnerable to remote code execution and information disclosure attacks. Visual Studio itself is not vulnerable to these issues. In these three vulnerabilities, ATL processes data incorrectly which can lead to memory corruption, information disclosure, and instantiation of objects without regard to security policy. After Visual Studio is patched, it will no longer create applications and components with these vulnerabilities. However, applications and components compiled using the vulnerable version of ATL need to be rebuilt with the safe version released by Microsoft. Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistrubiting any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.
    Explanation
    Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities.
    What is the latest version of the ehlpdhtm.js file?
    The copyright inside the file is:
    // Dynamic HTML JavaScript
    // Copyright © 1998-2009 Adobe Systems Incorporated. All rights reserved.
    // Version=8.0
    If this is not the latest version, is there somewhere I can get the latest file? If not, I won't be able to use the dynamic html features of RoboHTML.

    If you have the latest patch installed (9.0.2), you have the latest version of ehlpdhtm.js. There was an XSS vulnerability fix for 9.0.1, but that is included in 9.0.2. From what I can see in my installation, version 8.0 is the latest version for RoboHelp 9.
    RoboHelp 11 has a newer version of the file, but the active x is still in there.
    I'm not a security expert. The ActiveX is used for supporting old versions of IE and CHM's. It should not be used by modern browsers. I've never heard of RoboHelp being abused in this way so I would deem it safe. But again, that's just my layman opinion.
    Kind regards,
    Willam

  • Ordered and Unordered Lists viewed in WYSIWYG Editor in RoboHelp 10

    I recently upgraded a project from RH 9 (9.0.2.271) to RH 10 (10.0.0.287). Ordered and unordered lists display in the WYSIWYG Editor with more spacing around each line. When I generate the output to HTML Help, the spacing looks fine. I also tested generating output to WebHelp, and again, the output looks fine.
    I have paragraph and list styles defined in my style sheet that I apply to the text in the topic. I also looked at the styles in RH 10 and Media is set to "None."
    Using the Style Pod, I looked at the set up of the paragraph and list styles. For those styles, (and my body text styles - which look fine in the WYSIWYG Editor) have spacing before and after spacing set. (NOTE: These styles were created in RH8 and the WYSIWYG Editor displayed the styles appropriately in RH8 and RH9.) Even though I changed the style sheet, the WYSIWYG Editor is still displaying more space around the styles than I am expecting.
    I know this is not a huge issue since the output looks fine, but I want to understand why the WYSIWYG Editor isn't working as I expect. I would like the editor to display with correct spacing.
    I attached a few screen captures showing what I see.
    HTML Help Output
    Thanks in advance for your help.

    I suspect part of the issue is that your list styles have spacing above and below and then you have applied paragraph styles that also have spacing above and below.
    Using both is OK and is how I work. However, I do not have any spacing above and below in my list styles. I rely on the paragraph style for that. It looks like Rh's Design Editor is applying both but browsers are not.
    It is still not quite the same in a browser as in Design Editor but it is much closer. There will also be browser differences anyway so it's a case of getting some balance.
    Try removing the before and after spacing in the list style. Alternatively, if you do not generate printed documentation then rely on the list style only. (Select the lists in a topic and set paragraph to None).
    Let us know if that is close enough.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • RoboHelp 9 - Enabling the cookie secure flag

    Hello All - Have a question about RoboHelp 9 and a security vulnerability.  We discovered a vulnerability in the webhelp output we produce so I am starting here.  The site requires authentication and then passes it into the page, so we believe that RoboHelp uses frames within its framework. The use of frames in authenticated sites is not recommended and as mentioned is a security vulnerability.
    The new version fixes the cross-site scripting vulnerability involving the query string (example.paychex.com/path?XSS) but introduces an equivalent vulnerability with the URL hash tag (example.site.com/path#XSS). Normally, anything after the hash tag is considered a “fragment identifier”, which is a reference to some position in the document. Seems the vulnerability is due to the enabling cookie secure flag.
    Has anyone heard of this?
    Thanks.
    Chris

    Hi Chris,
    Adobe RoboHelp team is looking into the issue, and will keep the user forum updated of the progress. In the meantime, can you please provide the following information:
    Webserver configuration where the help output is published
    Authentication mechanism used by the webserver.
    Sample URL which contains XSS which on click shows some alert message or other vulnerability.
    Thanks
    Praful Jain
    Adobe RoboHelp Team
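
The fragment-based XSS raised in this thread, together with the `document.write(strHtml)` pattern asked about at the top of the page, comes down to client-side script turning `location.hash` into markup or a frame URL without checking it. The sketch below is an added example, not RoboHelp code: it shows that pattern beside a hardened form that accepts only a plain relative topic path under the help root and escapes whatever it writes. The function names, the base URL and the default topic are assumptions made for illustration.

```javascript
// Added example, not RoboHelp code. Function names, the help root URL and
// the default topic are assumptions made for illustration.

// Relative topic paths only: optional sub-folders, then a file ending in
// .htm or .html. No scheme, no leading slash, no query, no markup characters.
const TOPIC_PATH = /^(?:[A-Za-z0-9_-]+\/)*[A-Za-z0-9_.-]+\.html?$/;

function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Returns an absolute same-origin topic URL, or null when the fragment is
// anything other than a plain relative topic path below the help root.
function topicFromFragment(hash, helpRootUrl) {
  if (typeof hash !== 'string' || hash.length < 2 || hash[0] !== '#') return null;
  let path;
  try {
    path = decodeURIComponent(hash.slice(1));
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (!TOPIC_PATH.test(path) || path.includes('..')) return null;
  const root = new URL(helpRootUrl);
  const resolved = new URL(path, root);
  const rootDir = root.pathname.slice(0, root.pathname.lastIndexOf('/') + 1);
  if (resolved.origin !== root.origin || !resolved.pathname.startsWith(rootDir)) {
    return null;
  }
  return resolved.href;
}

// The pattern to avoid: fragment text concatenated straight into markup that
// is later handed to document.write() or innerHTML.
function frameMarkupUnsafe(hash) {
  return '<frame name="content" src="' + hash.slice(1) + '">';
}

// Hardened form: validate first, fall back to a fixed default topic, and
// escape the value even though a validated URL should contain nothing special.
function frameMarkupSafe(hash, helpRootUrl, defaultTopic) {
  const url = topicFromFragment(hash, helpRootUrl) || new URL(defaultTopic, helpRootUrl).href;
  return '<frame name="content" src="' + escapeHtml(url) + '">';
}
```

The validation runs in the browser because the fragment is never sent to the web server, so server-side request filtering cannot see it.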
