Summary
This host is running Eclipse IDE is prone to multiple Cross-Site Scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected application.
Impact Level: Application.
Solution
Upgrade to Eclipse IDE Version 3.6.2 or later
For updates refer to http://www.eclipse.org/downloads/
Insight
- Input passed to the 'onload' parameter in 'help/index.jsp' and 'help/advanced/content.jsp' are not properly sanitised before being returned to the user.
Affected
Eclipse IDE Version 3.6.1 and prior
References
Severity
Classification
-
CVE CVE-2010-4647 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities