CVE-2008-7271

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
eclipseeclipse_ide
*
eclipseeclipse_ide
3.3.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eclipse
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
karmic
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html
https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539