CVE-2010-4647
CVE-2010-4647
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
exploitdbwww.exploit-db.com/exploits/34999no verificadoexploitdbwww.exploit-db.com/exploits/34998no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.htmlhttp://openwall.com/lists/oss-security/2011/01/06/16http://openwall.com/lists/oss-security/2011/01/06/7https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582https://exchange.xforce.ibmcloud.com/vulnerabilities/64833http://www.mandriva.com/security/advisories?name=MDVSA-2011:032http://www.redhat.com/support/errata/RHSA-2011-0568.htmlhttp://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting