Summary
This host is running Eclipse IDE is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application.
Impact Level: Application.
Solution
Upgrade to Eclipse IDE Version 3.6.2 or later
For updates refer to http://www.eclipse.org/downloads/
Insight
- Input passed to the 'searchWord' parameter in 'help/advanced/searchView.jsp' and 'workingSet' parameter in 'help/advanced/workingSetManager.jsp' are not properly sanitised before being returned to the user.
Affected
Eclipse IDE Version 3.3.2
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-7271 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities