First published: Thu Jan 13 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse | =3.6-m5 | |
Eclipse | =3.0 | |
Eclipse | =3.2 | |
Eclipse | =2.1.2 | |
Eclipse | =3.1 | |
Eclipse | =3.3 | |
Eclipse | =3.1.2 | |
Eclipse | =3.4.1 | |
Eclipse | =2.0 | |
Eclipse | =2.0.1 | |
Eclipse | =3.6-m6 | |
Eclipse | =3.4.2 | |
Eclipse | =3.3.1 | |
Eclipse | =3.3.1.1 | |
Eclipse | =3.5.1 | |
Eclipse | =2.1.3 | |
Eclipse | =3.6-m4 | |
Eclipse | =3.5.2 | |
Eclipse | =3.0.1 | |
Eclipse | =3.6-m1 | |
Eclipse | =2.1 | |
Eclipse | =2.0.2 | |
Eclipse | =3.6-rc3 | |
Eclipse | =1.0 | |
Eclipse | =3.0.2 | |
Eclipse | =3.2.2 | |
Eclipse | =3.6-rc1 | |
Eclipse | =3.1.1 | |
Eclipse | =3.3.2 | |
Eclipse | =3.6-rc2 | |
Eclipse | =3.6-m2 | |
Eclipse | =3.6-m3 | |
Eclipse | =3.4 | |
Eclipse | =2.1.1 | |
Eclipse | =3.6-rc4 | |
Eclipse | <=3.6.1 | |
Eclipse | =3.2.1 | |
Eclipse | =3.5 | |
Eclipse | =3.6-m7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-4647 is classified as a moderate severity vulnerability that allows for cross-site scripting attacks.
To fix CVE-2010-4647, update your Eclipse IDE to version 3.6.2 or later.
CVE-2010-4647 affects multiple versions of Eclipse IDE, including versions from 1.0 to 3.6.1.
Exploiting CVE-2010-4647 could allow attackers to inject arbitrary web scripts or HTML in the affected Eclipse Help Contents application.
While CVE-2010-4647 is older, any unpatched systems still using vulnerable versions of Eclipse IDE remain at risk.