Intrusion Prevention

Eclipse.IDE.Help.Component.XSS

Description

This indicates an attack attempt against a cross-site-scripting vulnerability in Help Contents web application in Eclipse IDE.
The vulnerability is a result of the application's failure to properly sanitize user input. As a result, Javascript encoded in a malicious URL can be executed in the context of the user that visited the site. It may result in information disclosure.

Affected Products

Eclipse Eclipse Project 3.6.1
Eclipse Eclipse Project 3.1.1
Eclipse Eclipse Project 3.1
Eclipse Eclipse Project 3.0.1
Eclipse Eclipse Project 3.0
Eclipse Eclipse Project 2.1.3
Eclipse Eclipse Project 2.1.2
Eclipse Eclipse Project 2.1.1
Eclipse Eclipse Project 2.1
Eclipse Eclipse Project 2.0

Impact

Information disclosure

Recommended Actions

Currently we are not aware of any patches supplied by the vendor for this issue.

CVE References

CVE-2010-4647