CVE-2008-7271

EUVD-2008-7224
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
eclipseeclipse_ide
*
eclipseeclipse_ide
3.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eclipse
dapper
ignored
hardy
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
ignored
oneiric
ignored
precise
not-affected
quantal
ignored
raring
ignored
saucy
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
not-affected
xenial
not-affected
Common Weakness Enumeration
References
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539