CVE-2010-4647

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-4647
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
http://openwall.com/lists/oss-security/2011/01/06/16 Exploit
http://openwall.com/lists/oss-security/2011/01/06/7 Exploit
http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
http://www.redhat.com/support/errata/RHSA-2011-0568.html
http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:1.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.0:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.3:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.4:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.5:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m1:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m2:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m3:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m4:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m5:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m6:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:m7:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc3:*:*:*:*:*:*
cpe:2.3:a:eclipse:eclipse_ide:3.6:rc4:*:*:*:*:*:*
History

13 Feb 2023, 03:20

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2011:0568', 'name': 'https://access.redhat.com/errata/RHSA-2011:0568', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=661901', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=661901', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2010-4647', 'name': 'https://access.redhat.com/security/cve/CVE-2010-4647', 'tags': [], 'refsource': 'MISC'}
Summary CVE-2010-4647 eclipse: Help Content web application vulnerable to multiple XSS Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

02 Feb 2023, 17:17

Type Values Removed Values Added
Summary Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. CVE-2010-4647 eclipse: Help Content web application vulnerable to multiple XSS
References
  • {'url': 'http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting', 'name': 'http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting', 'tags': ['Broken Link'], 'refsource': 'MISC'}
  • (MISC) https://access.redhat.com/errata/RHSA-2011:0568 -
  • (MISC) http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=661901 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2010-4647 -
Information

Published : 2011-01-13 19:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4647

Mitre link : CVE-2010-4647

CVE.ORG link : CVE-2010-4647

JSON object : View

Products Affected

eclipse

  • eclipse_ide
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')