CVE-2008-7271: XSS
First published: Thu Jan 13 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse | ||
| Eclipse | =3.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-7271?
CVE-2008-7271 has a moderate severity rating due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2008-7271?
To fix CVE-2008-7271, update to a patched version of Eclipse IDE that addresses this vulnerability.
What software is affected by CVE-2008-7271?
CVE-2008-7271 affects Eclipse IDE version 3.3.2 and possibly other versions of the Eclipse IDE.
What are the attack vectors for CVE-2008-7271?
Attackers can exploit CVE-2008-7271 by injecting scripts via the searchWord and workingSet parameters in the Help Contents web application.
Who can be affected by CVE-2008-7271?
Users of vulnerable versions of the Eclipse IDE may be affected by CVE-2008-7271 if they interact with the Help Server.
- agent/first-publish-date
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/weakness
- agent/softwarecombine
- vendor/eclipse
- canonical/eclipse
- version/eclipse/3.3.2