CVE-2010-4647

Eclipse IDE < 3.6.2 - Cross-Site Scripting via Help Contents Query String

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4647. PoCs published by Aung Khant.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting an 'onload' event handler into the URL. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Aung Khant · textremotelinux
https://www.exploit-db.com/exploits/34998

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting an 'onload' event handler into the URL. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Eclipse IDE Help component
No auth needed
Prerequisites: Access to the Eclipse IDE Help component via a web browser
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Aung Khant · textremotelinux
https://www.exploit-db.com/exploits/34999

This exploit demonstrates a cross-site scripting (XSS) vulnerability in the Eclipse IDE Help component by injecting arbitrary JavaScript code via the 'onload' event in the URL. The vulnerability arises due to insufficient input sanitization.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Eclipse IDE Help component
No auth needed
Prerequisites: Access to the Eclipse IDE Help component via a web browser
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/01/06/16
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0568.html
Exploit mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/01/06/7
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
Various Sources x_refsource_misc
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582

Scores

EPSS 0.0522
EPSS Percentile 91.5%

Details

CWE
CWE-79
Status published
Products (29)
eclipse/eclipse_ide 1.0
eclipse/eclipse_ide 2.0
eclipse/eclipse_ide 2.0.1
eclipse/eclipse_ide 2.0.2
eclipse/eclipse_ide 2.1
eclipse/eclipse_ide 2.1.1
eclipse/eclipse_ide 2.1.2
eclipse/eclipse_ide 2.1.3
eclipse/eclipse_ide 3.0
eclipse/eclipse_ide 3.0.1
... and 19 more
Published Jan 13, 2011
Tracked Since Feb 18, 2026