CVE-2010-4647
Eclipse IDE < 3.6.2 - Cross-Site Scripting via Help Contents Query String
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2010-4647. PoCs published by Aung Khant.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting an 'onload' event handler into the URL. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting an 'onload' event handler into the URL. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting arbitrary JavaScript code via the 'onload' event in the URL. The vulnerability arises due to insufficient input sanitization.