Summary
This host is running Eclipse IDE, which is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application.
Impact Level: Application.
Solution
Upgrade to Eclipse IDE Version 3.6.2 or later.
For updates, refer to http://www.eclipse.org/downloads/
Insight
- Input passed to the 'searchWord' parameter in 'help/advanced/searchView.jsp' and the 'workingSet' parameter in 'help/advanced/workingSetManager.jsp' is not properly sanitised before being returned to the user.
Affected
Eclipse IDE Version 3.3.2
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2008-7271
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N