CVE-2008-7271

Eclipse IDE - Cross-Site Scripting via Help Contents Search or Working Set Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-7271. PoCs published by Rob.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Eclipse IDE 3.3.2, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Rob · textremotemultiple

https://www.exploit-db.com/exploits/35243

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Eclipse IDE 3.3.2, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code into the browser context of an unsuspecting user.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Eclipse IDE 3.3.2

No auth needed

Prerequisites: A vulnerable version of Eclipse IDE · User interaction to visit a crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Rob · textremotemultiple

https://www.exploit-db.com/exploits/35242

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Eclipse IDE 3.3.2 by injecting arbitrary JavaScript code via the 'searchWord' parameter in the searchView.jsp page. The PoC shows how an attacker can execute malicious scripts in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Eclipse IDE 3.3.2

No auth needed

Prerequisites: Access to a vulnerable Eclipse IDE instance · Ability to craft a malicious URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html

Various Sources x_refsource_misc

https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539

Scores

EPSS 0.0056

EPSS Percentile 68.5%

Details

CWE

CWE-79

Status published

Products (2)

eclipse/eclipse_ide

eclipse/eclipse_ide 3.3.2

Published Jan 13, 2011

Tracked Since Feb 18, 2026