CVE-2010-4647 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html http://openwall.com/lists/oss-security/2011/01/06/16 http://openwall.com/lists/oss-security/2011/01/06/7 http://www.mandriva.com/security/advisories?name=MDVSA-2011:032 http://www.redhat.com/support/errata/RHSA-2011-0568.html http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582 https://exchange.xforce.ibmcloud.com/vulnerabilities/64833

Share on: