
Test ID: 1.3.6.1.4.1.25623.1.0.801745
Category: Web application abuses
Title: Eclipse IDE < 3.6.2 Multiple XSS Vulnerabilities
Summary: Eclipse IDE is prone to multiple cross-site scripting (XSS) vulnerabilities.
Description:

Vulnerability Insight:
- Input passed to the 'onload' parameter in 'help/index.jsp' and
'help/advanced/content.jsp' is not properly sanitised before being
returned to the user.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML
and script code in a user's browser session in the context of an affected application.

Affected Software/OS:
Eclipse IDE Version 3.6.1 and prior

Solution:
Upgrade to Eclipse IDE Version 3.6.2 or later

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-4647
FEDORA-2010-18990
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
FEDORA-2010-19006
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
MDVSA-2011:032
http://www.mandriva.com/security/advisories?name=MDVSA-2011:032
RHSA-2011:0568
http://www.redhat.com/support/errata/RHSA-2011-0568.html
[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)
http://openwall.com/lists/oss-security/2011/01/06/7
[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)
http://openwall.com/lists/oss-security/2011/01/06/16
eclipseide-querystring-xss(64833)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64833
http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
Copyright: Copyright (C) 2011 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.