ID ROBOHELP_APSB11_09_REMOTE.NASL Type nessus Reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. Modified 2019-11-02T00:00:00
Description
The published RoboHelp project on the remote host contains a
cross-site scripting vulnerability in its wf_status.htm and wf_topicfs
files. An attacker may be able to leverage this issue to execute
arbitrary script code in the browser of an authenticated user in the
context of the affected site and to steal cookie-based authentication
credentials.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  # Registration pass: this branch only declares plugin metadata and then
  # exits, so nothing below the block runs while `description` is set.

  # Plugin identity and revision.
  script_id(54603);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  # External identifiers for the issue being checked.
  script_cve_id("CVE-2011-0613");
  script_bugtraq_id(47839);
  script_xref(name:"Secunia", value:"44480");

  # Title and one-line summary.
  script_name(english:"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)");
  script_summary(english:"Checks for unpatched files");

  # Report text. The string literals span several lines; their continuation
  # lines stay at column 0 so the embedded line breaks are unchanged.
  script_set_attribute(
    attribute : "synopsis",
    value     :
"The remote Windows host has an application that is affected by a
cross-site scripting vulnerability."
  );
  script_set_attribute(
    attribute : "description",
    value     :
"The published RoboHelp project on the remote host contains a
cross-site scripting vulnerability in its wf_status.htm and wf_topicfs
files. An attacker may be able to leverage this issue to execute
arbitrary script code in the browser of an authenticated user in the
context of the affected site and to steal cookie-based authentication
credentials."
  );
  script_set_attribute(
    attribute : "see_also",
    value     : "https://www.adobe.com/support/security/bulletins/apsb11-09.html"
  );
  script_set_attribute(
    attribute : "solution",
    value     : "Apply the patch referenced in the vendor advisory above."
  );

  # Severity scoring.
  # NOTE(review): the base vector here carries C:P, while the record published
  # alongside this listing shows AV:N/AC:M/Au:N/C:N/I:P/A:N - confirm which
  # vector the reported score is derived from.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  # Exploitability flags.
  # NOTE(review): "exploit_available" is "false" while "exploited_by_nessus"
  # (set further down) is "true", and the check itself only fingerprints file
  # content - confirm the intended combination before relying on these
  # fields for prioritisation.
  script_set_attribute(attribute : "exploitability_ease", value : "No exploit is required");
  script_set_attribute(attribute : "exploit_available",   value : "false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  # Timeline: disclosure, vendor patch, plugin release.
  script_set_attribute(attribute : "vuln_publication_date",   value : "2011/05/12");
  script_set_attribute(attribute : "patch_publication_date",  value : "2011/05/12");
  script_set_attribute(attribute : "plugin_publication_date", value : "2011/05/20");

  # Product and plugin classification.
  script_set_attribute(attribute : "cpe",                 value : "cpe:/a:adobe:robohelp");
  script_set_attribute(attribute : "plugin_type",         value : "remote");
  script_set_attribute(attribute : "exploited_by_nessus", value : "true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  # Scheduling: declared dependency, exclusion key and required ports.
  # The check reads a "www/<port>/content/extensions/htm" KB list, presumably
  # filled in by the webmirror.nasl dependency - confirm.
  script_dependencies("webmirror.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("webapp_func.inc");
# Resolve the HTTP port under test and load the .htm paths recorded for it in
# the knowledge base.
port = get_http_port(default:80);
htms = get_kb_list("www/" + port + "/content/extensions/htm");

# The XSS is produced client-side by JavaScript document.write() calls, so it
# cannot be tested directly from here. The check looks for the generating
# code instead; a hit is a content fingerprint match, not a confirmed
# exploit, and should be validated before being treated as proven.
vuln = FALSE;
foreach htm (htms)
{
  # Only paths ending in the filename of interest are fetched.
  # NOTE(review): the "." in the pattern is unescaped and the pattern is not
  # anchored on the left, so it is looser than the literal filename; the
  # content test below is what narrows the match.
  if (htm =~ "wf_status.htm$")
  {
    # Pull down the candidate file.
    # NOTE(review): exit_on_fail is TRUE, so a failed request presumably ends
    # the plugin instead of moving on to the next candidate - confirm.
    res = http_send_recv3(
      method       : "GET",
      item         : htm,
      port         : port,
      exit_on_fail : TRUE
    );

    # Both markers must be present in res[2] for the file to count as the
    # vulnerable one.
    # NOTE(review): the first marker is very short; verify it against the
    # distributed plugin in case whitespace or an HTML entity was altered
    # when this listing was rendered.
    if (
      'sHtml += " ";' >< res[2] &&
      'strObject += "<PARAM NAME=\'movie\' VALUE=\'"+status_swf+"\'>";' >< res[2]
    )
    {
      # Stop at the first match; `htm` keeps the matching path for the report.
      vuln = TRUE;
      break;
    }
  }
}
if (!vuln) exit(0, "No vulnerable RoboHelp installs were detected.");
# Flag the port as having an XSS finding in the knowledge base. This is set
# on the strength of the fingerprint match alone.
set_kb_item(name:"www/"+port+"/XSS", value:TRUE);

if (report_verbosity > 0)
{
  # Verbose report: include a sample request for manual verification. The
  # URL is only assembled as report text here; this code never sends it.
  payload = "?gsStatusSwf='></embed><script>alert('XSS');</script>";
  url = build_url(port:port, qs:htm + payload);

  details =
    '\nNessus was able to detect the issue, but could not directly test for it.\nWeb browsers that support JavaScript can trigger the issue by using the\nfollowing request :\n\n ' +
    url +
    '\n';

  security_warning(port:port, extra:details);
}
else
{
  # Terse report: raise the finding without extra text.
  security_warning(port);
}
{"id": "ROBOHELP_APSB11_09_REMOTE.NASL", "bulletinFamily": "scanner", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "description": "The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.", "published": "2011-05-20T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/54603", "reporter": "This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.", "references": ["https://www.adobe.com/support/security/bulletins/apsb11-09.html"], "cvelist": ["CVE-2011-0613"], "type": "nessus", "lastseen": "2019-11-01T03:29:32", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:adobe:robohelp"], "cvelist": ["CVE-2011-0613"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The published RoboHelp project on the remote host contains a cross-site scripting vulnerability in its wf_status.htm and wf_topicfs files. 
An attacker may be able to leverage this issue to execute arbitrary script code in the browser of an authenticated user in the context of the affected site and to steal cookie-based authentication credentials.", "edition": 3, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "cab769584160694f7f9aea36a5d598d342666a2bf02b7730b93fc64feaacecdc", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "617c66c9b5be7e560192fedee4de8cca", "key": "published"}, {"hash": "9570f8e4e9af170494f007d8a35f0a26", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0f7f8999bc964e1fa0d846784e4bbad7", "key": "description"}, {"hash": "1996d1f9ff25c71b1a33d97040f43c5f", "key": "href"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "34bf2bca4810f7504139c504b1e69e7c", "key": "title"}, {"hash": "2347ada13c882e83172f8f20ed642c84", "key": "cpe"}, {"hash": "af684d2b4bed44d84773fee2abc69119", "key": "cvelist"}, {"hash": "39fcb4479f54af1c5d0f62912fa5bd25", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be79b2a35533a590b214b17a728f4c93", "key": "sourceData"}, {"hash": "5355eca0186891c22df03dbc0e67bee9", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=54603", "id": "ROBOHELP_APSB11_09_REMOTE.NASL", "lastseen": "2018-07-30T13:42:10", "modified": "2018-07-27T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "54603", "published": "2011-05-20T00:00:00", "references": ["http://www.adobe.com/support/security/bulletins/apsb11-09.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54603);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/27 18:38:14\");\n\n 
script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + \"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' 
+\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-30T13:42:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:adobe:robohelp"], "cvelist": ["CVE-2011-0613"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The published RoboHelp project on the remote host contains a cross-site scripting vulnerability in its wf_status.htm and wf_topicfs files. An attacker may be able to leverage this issue to execute arbitrary script code in the browser of an authenticated user in the context of the affected site and to steal cookie-based authentication credentials.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-02-21T01:14:58", "references": [{"idList": ["ROBOHELP_APSB11_09.NASL"], "type": "nessus"}, {"idList": ["CVE-2011-0613"], "type": "cve"}]}, "score": {"modified": "2019-02-21T01:14:58", "value": 4.8, "vector": "NONE"}}, "hash": "26a8426c6c344902569c60207be0adaf18f7c0700d721894b9c87469b762dfc8", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "617c66c9b5be7e560192fedee4de8cca", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "0f7f8999bc964e1fa0d846784e4bbad7", "key": "description"}, {"hash": "1996d1f9ff25c71b1a33d97040f43c5f", "key": "href"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "34bf2bca4810f7504139c504b1e69e7c", "key": "title"}, {"hash": "2347ada13c882e83172f8f20ed642c84", "key": "cpe"}, {"hash": 
"af684d2b4bed44d84773fee2abc69119", "key": "cvelist"}, {"hash": "39fcb4479f54af1c5d0f62912fa5bd25", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "56f1161417dd231575206337efecb7ae", "key": "references"}, {"hash": "6edddc9124d4d966c64842d71c1db567", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=54603", "id": "ROBOHELP_APSB11_09_REMOTE.NASL", "lastseen": "2019-02-21T01:14:58", "modified": "2018-11-15T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "54603", "published": "2011-05-20T00:00:00", "references": ["https://www.adobe.com/support/security/bulletins/apsb11-09.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54603);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. 
An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + 
\"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' +\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 8, "lastseen": "2019-02-21T01:14:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:adobe:robohelp"], "cvelist": ["CVE-2011-0613"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The published RoboHelp project on the remote host contains a cross-site scripting vulnerability in its wf_status.htm and wf_topicfs files. 
An attacker may be able to leverage this issue to execute arbitrary script code in the browser of an authenticated user in the context of the affected site and to steal cookie-based authentication credentials.", "edition": 6, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "26a8426c6c344902569c60207be0adaf18f7c0700d721894b9c87469b762dfc8", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "617c66c9b5be7e560192fedee4de8cca", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "015cb78ce50d3bd4e2fbe18f25603329", "key": "modified"}, {"hash": "0f7f8999bc964e1fa0d846784e4bbad7", "key": "description"}, {"hash": "1996d1f9ff25c71b1a33d97040f43c5f", "key": "href"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "34bf2bca4810f7504139c504b1e69e7c", "key": "title"}, {"hash": "2347ada13c882e83172f8f20ed642c84", "key": "cpe"}, {"hash": "af684d2b4bed44d84773fee2abc69119", "key": "cvelist"}, {"hash": "39fcb4479f54af1c5d0f62912fa5bd25", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "56f1161417dd231575206337efecb7ae", "key": "references"}, {"hash": "6edddc9124d4d966c64842d71c1db567", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=54603", "id": "ROBOHELP_APSB11_09_REMOTE.NASL", "lastseen": "2018-11-17T02:53:29", "modified": "2018-11-15T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "54603", "published": "2011-05-20T00:00:00", "references": ["https://www.adobe.com/support/security/bulletins/apsb11-09.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54603);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n 
script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + \"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' 
+\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-11-17T02:53:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-0613"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "The published RoboHelp project on the remote host contains a cross-site scripting vulnerability in its wf_status.htm and wf_topicfs files. An attacker may be able to leverage this issue to execute arbitrary script code in the browser of an authenticated user in the context of the affected site and to steal cookie-based authentication credentials.", "edition": 1, "enchantments": {}, "hash": "a3aa9386a3387200023ab5d97472534e5d792fdf6196ecf684b1af48e12783d6", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "617c66c9b5be7e560192fedee4de8cca", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0f7f8999bc964e1fa0d846784e4bbad7", "key": "description"}, {"hash": "1996d1f9ff25c71b1a33d97040f43c5f", "key": "href"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "34bf2bca4810f7504139c504b1e69e7c", "key": "title"}, {"hash": "af684d2b4bed44d84773fee2abc69119", "key": "cvelist"}, {"hash": "39fcb4479f54af1c5d0f62912fa5bd25", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "8caf00705c94b6cf43cfe59fa087ad5d", "key": "sourceData"}, {"hash": "70dc9f80fbc2eddba759f70161a0fd83", "key": "modified"}, {"hash": 
"5355eca0186891c22df03dbc0e67bee9", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=54603", "id": "ROBOHELP_APSB11_09_REMOTE.NASL", "lastseen": "2016-09-26T17:23:44", "modified": "2015-09-24T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.2", "pluginID": "54603", "published": "2011-05-20T00:00:00", "references": ["http://www.adobe.com/support/security/bulletins/apsb11-09.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54603);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/09/24 23:21:20 $\");\n\n script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_osvdb_id(72317);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. 
An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + 
\"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' +\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:adobe:robohelp"], "cvelist": ["CVE-2011-0613"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "description": "The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. 
An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-10-28T21:16:39", "references": [{"idList": ["ROBOHELP_APSB11_09.NASL"], "type": "nessus"}, {"idList": ["CVE-2011-0613"], "type": "cve"}]}, "score": {"modified": "2019-10-28T21:16:39", "value": 4.8, "vector": "NONE"}}, "hash": "2b41e9c0027e64de7c90459963cc94c90154361f15344f6aaa3f5f5e73dadc7e", "hashmap": [{"hash": "617c66c9b5be7e560192fedee4de8cca", "key": "published"}, {"hash": "88dcb03e3f52550eafca0f7109ea400c", "key": "href"}, {"hash": "61e021375865ee20d8f9e2562510b86f", "key": "naslFamily"}, {"hash": "da72060c7794b4bae8f26a9b3a3f9ccc", "key": "description"}, {"hash": "34bf2bca4810f7504139c504b1e69e7c", "key": "title"}, {"hash": "2347ada13c882e83172f8f20ed642c84", "key": "cpe"}, {"hash": "af684d2b4bed44d84773fee2abc69119", "key": "cvelist"}, {"hash": "39fcb4479f54af1c5d0f62912fa5bd25", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "33343e1ae53d3b18311f8f7cae2b7529", "key": "reporter"}, {"hash": "56f1161417dd231575206337efecb7ae", "key": "references"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "6edddc9124d4d966c64842d71c1db567", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/54603", "id": "ROBOHELP_APSB11_09_REMOTE.NASL", "lastseen": "2019-10-28T21:16:39", "modified": "2019-10-02T00:00:00", "naslFamily": "CGI abuses : XSS", "objectVersion": "1.3", "pluginID": "54603", "published": "2011-05-20T00:00:00", "references": ["https://www.adobe.com/support/security/bulletins/apsb11-09.html"], "reporter": "This script is Copyright (C) 2011-2018 Tenable 
Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54603);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + \"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' 
+\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-10-28T21:16:39"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "2347ada13c882e83172f8f20ed642c84"}, {"key": "cvelist", "hash": "af684d2b4bed44d84773fee2abc69119"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "da72060c7794b4bae8f26a9b3a3f9ccc"}, {"key": "href", "hash": "88dcb03e3f52550eafca0f7109ea400c"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "61e021375865ee20d8f9e2562510b86f"}, {"key": "pluginID", "hash": "39fcb4479f54af1c5d0f62912fa5bd25"}, {"key": "published", "hash": "617c66c9b5be7e560192fedee4de8cca"}, {"key": "references", "hash": "56f1161417dd231575206337efecb7ae"}, {"key": "reporter", "hash": "33343e1ae53d3b18311f8f7cae2b7529"}, {"key": "sourceData", "hash": "6edddc9124d4d966c64842d71c1db567"}, {"key": "title", "hash": "34bf2bca4810f7504139c504b1e69e7c"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "e81a813746122cb02938f3bff53a7af0dcb090b87ea7180f32218b29159e5ca0", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0613"]}, {"type": "nessus", "idList": ["ROBOHELP_APSB11_09.NASL"]}], "modified": "2019-11-01T03:29:32"}, "score": {"value": 4.8, "vector": "NONE", "modified": "2019-11-01T03:29:32"}, "vulnersScore": 4.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(54603);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (uncredentialed check)\");\n script_summary(english:\"Checks for unpatched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The published RoboHelp project on the remote host contains a\ncross-site scripting vulnerability in its wf_status.htm and wf_topicfs\nfiles. An attacker may be able to leverage this issue to execute\narbitrary script code in the browser of an authenticated user in the\ncontext of the affected site and to steal cookie-based authentication\ncredentials.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\"Apply the patch referenced in the vendor advisory above.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", 
value:\"remote\");\n script_set_attribute(attribute:\"exploited_by_nessus\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"webmirror.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"webapp_func.inc\");\n\n# Get details of the web server.\nport = get_http_port(default:80);\nhtms = get_kb_list(\"www/\" + port + \"/content/extensions/htm\");\n\n# We cannot directly test the XSS since it's created by JavaScript\n# document.write() calls. So we detect the generating code itself.\nvuln = FALSE;\nforeach htm (htms)\n{\n # Skip pages that don't have the filename we're looking for.\n if (htm !~ \"wf_status.htm$\") continue;\n\n # Try to pull down one of the vulnerable files.\n res = http_send_recv3(\n method : \"GET\",\n item : htm,\n port : port,\n exit_on_fail : TRUE\n );\n\n # Ensure that the HTML file has a couple things in it that are likely to be\n # unique to the vulnerable file we're looking for.\n if (\n 'sHtml += \" \";' >!< res[2] ||\n 'strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< res[2]\n ) continue;\n\n vuln = TRUE;\n break;\n}\nif (!vuln) exit(0, \"No vulnerable RoboHelp installs were detected.\");\n\nset_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n xss = \"?gsStatusSwf='></embed><script>alert('XSS');</script>\";\n report =\n '\\nNessus was able to detect the issue, but could not directly test for it.' 
+\n '\\nWeb browsers that support JavaScript can trigger the issue by using the' +\n '\\nfollowing request :' +\n '\\n' +\n '\\n ' + build_url(port:port, qs:htm + xss) +\n '\\n';\n\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "naslFamily": "CGI abuses : XSS", "pluginID": "54603", "cpe": ["cpe:/a:adobe:robohelp"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:11:06", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.", "modified": "2011-05-25T04:00:00", "id": "CVE-2011-0613", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0613", "published": "2011-05-16T17:55:00", "title": "CVE-2011-0613", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-01T03:29:32", "bulletinFamily": "scanner", "description": "The version of RoboHelp on the remote host contains a cross-site\nscripting vulnerability in its FlashHelp and FlashHelp Pro output. An\nattacker may be able to leverage this issue to execute arbitrary\nscript code in the browser of an authenticated user in the context of\nthe affected site and to steal cookie-based authentication\ncredentials.\n\nNote that this plugin checks for a version of RoboHelp that would\ngenerate FlashHelp and FlashHelp Pro projects with a cross-site\nscripting vulnerability rather than published projects with the\nvulnerability.", "modified": "2019-11-02T00:00:00", "id": "ROBOHELP_APSB11_09.NASL", "href": "https://www.tenable.com/plugins/nessus/54602", "published": "2011-05-20T00:00:00", "title": "Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54602);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\n\n script_cve_id(\"CVE-2011-0613\");\n script_bugtraq_id(47839);\n script_xref(name:\"Secunia\", value:\"44480\");\n\n script_name(english:\"Adobe RoboHelp FlashHelp Unspecified XSS (APSB11-09) (credentialed check)\");\n 
script_summary(english:\"Checks for patched files\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of RoboHelp on the remote host contains a cross-site\nscripting vulnerability in its FlashHelp and FlashHelp Pro output. An\nattacker may be able to leverage this issue to execute arbitrary\nscript code in the browser of an authenticated user in the context of\nthe affected site and to steal cookie-based authentication\ncredentials.\n\nNote that this plugin checks for a version of RoboHelp that would\ngenerate FlashHelp and FlashHelp Pro projects with a cross-site\nscripting vulnerability rather than published projects with the\nvulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb11-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the patch referenced in the vendor advisory above. 
Once the\npatch is applied, all FlashHelp and FlashHelp Pro files need to be\nregenerated.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:robohelp\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(! 
smb_session_init()) audit(AUDIT_FN_FAIL, \"smb_session_init\");\n\n# Connect to IPC share.\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n audit(AUDIT_SHARE_FAIL,\"IPC$\");\n}\n\n# Connect to remote registry.\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n audit(AUDIT_REG_FAIL);\n}\n\n# Get the installation path from the registry.\nbase = NULL;\nkey1 = \"SOFTWARE\\Adobe\\RoboHTML\";\nkey1_h = RegOpenKey(handle:hklm, key:key1, mode:MAXIMUM_ALLOWED);\nif (!isnull(key1_h))\n{\n # Information is stored in a sub-key named w/ version number.\n info = RegQueryInfoKey(handle:key1_h);\n for (i = 0; i < info[1]; i++)\n {\n # Ignore subkeys that don't look like version numbers.\n version = RegEnumKey(handle:key1_h, index:i);\n if (!strlen(version) || version !~ \"^[78]+\\.\") continue;\n\n # Open up key for RoboHTML's installed version.\n key2 = key1 + \"\\\" + version;\n key2_h = RegOpenKey(handle:hklm, key:key2, mode:MAXIMUM_ALLOWED);\n if (!isnull(key2_h))\n {\n item = RegQueryValue(handle:key2_h, item:\"InstallFolder\");\n if (!isnull(item))\n base = ereg_replace(string:item[1], pattern:\"^(.+)\\\\$\", replace:\"\\1\");\n RegCloseKey(handle:key2_h);\n }\n\n if (!isnull(base)) break;\n }\n RegCloseKey(handle:key1_h);\n}\n\n# Clean up.\nRegCloseKey(handle:hklm);\nNetUseDel(close:FALSE);\n\n# Check if RoboHelp is installed.\nif (isnull(base))\n{\n NetUseDel();\n exit(0, \"RoboHelp 7 or 8 does not appear to be installed.\");\n}\n\n# Split the software's location into components.\nshare = ereg_replace(string:base, pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\");\npath = ereg_replace(string:base, pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\");\ndir = \"\\RoboHTML\\WildFireExt\\template_stock\";\npath_status = dir + \"\\wf_status.htm\";\n\n# Connect to the share software is installed on.\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n 
NetUseDel();\n audit(AUDIT_SHARE_FAIL,share);\n}\n\n# Try and read one of the affected files.\nblob = NULL;\nfh = CreateFile(\n file:path + path_status,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\nif (!isnull(fh))\n{\n len = GetFileSize(handle:fh);\n if (len)\n blob = ReadFile(handle:fh, length:len, offset:0);\n CloseFile(handle:fh);\n}\n\n# Clean up.\nNetUseDel();\n\n# Ensure that the HTML file actually existed.\nif (isnull(blob))\n exit(1, \"RoboHelp \" + version + \" does not appear to be fully installed.\");\n\n# Ensure that the HTML file has a couple things in it that are likely to be\n# unique to the vulnerable file we're looking for.\nif ('sHtml += \" \";' >!< blob)\n exit(0, \"RoboHelp \" + version + \" on the remote host does not appear to be affected.\");\nif ('strObject += \"<PARAM NAME=\\'movie\\' VALUE=\\'\"+status_swf+\"\\'>\";' >!< blob)\n exit(0, \"RoboHelp \" + version + \" on the remote host has been fixed and is not affected.\");\n\n# Report our findings.\nset_kb_item(name:\"www/0/XSS\", value:TRUE);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Path : ' + base +\n '\\n Installed version : ' + version +\n '\\n';\n security_warning(port:port, extra:report);\n}\nelse security_warning(port);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}