9 vulnerabilities found for eclipse_ide by eclipse
FKIE_CVE-2023-4218
Vulnerability from fkie_nvd - Published: 2023-11-09 09:15 - Updated: 2024-11-21 08:34
Severity ?
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Summary
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | eclipse_ide | * | < 4.29 |
| eclipse | org.eclipse.core.runtime | * | < 3.29.0 |
| eclipse | pde | * | < 3.13.2400 (NVD CPE range; the CNA record gives <= 3.13.2400) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8336F1-FA6C-46B0-B4D2-F5B01D3F64DD",
"versionEndExcluding": "4.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:org.eclipse.core.runtime:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5577C-DC07-414F-AF2E-E45B65408680",
"versionEndExcluding": "3.29.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:pde:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81620F59-7825-4EAC-AF33-103FD0F203F9",
"versionEndExcluding": "3.13.2400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse IDE versions \u003c 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\n"
},
{
"lang": "es",
"value": "En las versiones de Eclipse IDE \u0026lt;2023-09 (4.29), algunos archivos con contenido xml se analizan como vulnerables a todo tipo de ataques XXE. El usuario s\u00f3lo necesita abrir cualquier proyecto maligno o actualizar un proyecto abierto con un archivo vulnerable (por ejemplo, para revisar un repositorio o parche externo)."
}
],
"id": "CVE-2023-4218",
"lastModified": "2024-11-21T08:34:38.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-09T09:15:08.320",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
},
{
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4647
Vulnerability from fkie_nvd - Published: 2011-01-13 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | eclipse_ide | * | <= 3.6.1 |
| eclipse | eclipse_ide | 1.0 | |
| eclipse | eclipse_ide | 2.0 | |
| eclipse | eclipse_ide | 2.0.1 | |
| eclipse | eclipse_ide | 2.0.2 | |
| eclipse | eclipse_ide | 2.1 | |
| eclipse | eclipse_ide | 2.1.1 | |
| eclipse | eclipse_ide | 2.1.2 | |
| eclipse | eclipse_ide | 2.1.3 | |
| eclipse | eclipse_ide | 3.0 | |
| eclipse | eclipse_ide | 3.0.1 | |
| eclipse | eclipse_ide | 3.0.2 | |
| eclipse | eclipse_ide | 3.1 | |
| eclipse | eclipse_ide | 3.1.1 | |
| eclipse | eclipse_ide | 3.1.2 | |
| eclipse | eclipse_ide | 3.2 | |
| eclipse | eclipse_ide | 3.2.1 | |
| eclipse | eclipse_ide | 3.2.2 | |
| eclipse | eclipse_ide | 3.3 | |
| eclipse | eclipse_ide | 3.3.1 | |
| eclipse | eclipse_ide | 3.3.1.1 | |
| eclipse | eclipse_ide | 3.3.2 | |
| eclipse | eclipse_ide | 3.4 | |
| eclipse | eclipse_ide | 3.4.1 | |
| eclipse | eclipse_ide | 3.4.2 | |
| eclipse | eclipse_ide | 3.5 | |
| eclipse | eclipse_ide | 3.5.1 | |
| eclipse | eclipse_ide | 3.5.2 | |
| eclipse | eclipse_ide | 3.6 | m1 |
| eclipse | eclipse_ide | 3.6 | m2 |
| eclipse | eclipse_ide | 3.6 | m3 |
| eclipse | eclipse_ide | 3.6 | m4 |
| eclipse | eclipse_ide | 3.6 | m5 |
| eclipse | eclipse_ide | 3.6 | m6 |
| eclipse | eclipse_ide | 3.6 | m7 |
| eclipse | eclipse_ide | 3.6 | rc1 |
| eclipse | eclipse_ide | 3.6 | rc2 |
| eclipse | eclipse_ide | 3.6 | rc3 |
| eclipse | eclipse_ide | 3.6 | rc4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C1BF21-969E-4678-93A9-77B9B498F2BA",
"versionEndIncluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4885748-0EB1-40B1-B4AB-98E410126D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2ECF677E-6117-4F0E-A092-1A2188B2ABF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D063DE9-3338-474B-97C9-C2E4F296E5CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D86750B2-3009-4191-B691-7E066260515A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "941AD1D7-680B-465C-B5B2-B6301560B97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD3CF02-B949-4799-BB91-113A3CA41A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "679006A3-7CC5-4D77-979C-8D22EDB4E4A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66FA5EF5-86E2-4DA5-9E84-F3FC1EFCBBFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39FDE00-59B9-428C-857B-10DBC6CAD937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4038314-44C4-40AE-A558-74073F15750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0837DD00-2778-4C34-99F4-4878FA537C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C760BD-9E48-4EE5-93BA-8C1DC996B3AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC2A5188-7229-4B19-9786-62E39FBF036D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10102CF1-F461-413C-AA3A-092556B9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A5DD907-2A5A-4491-A517-2DDB34A580E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD8B9BB-9568-44F4-9843-611FD6769AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F0EC0E-AA65-4F9B-8FDD-CE4B1B4ACF5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5907C6D0-4EA3-4F8E-9E3A-0505BA53F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "873A33FA-FCF0-4007-94DE-523BF5842F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D96F970-8948-4014-A18A-FA7C222C0B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5875CD2E-E28B-48BE-92F0-3C34F713C558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F8DF44-0068-48A9-8E1A-7399581AC91E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0840E876-228B-4C85-BDF7-A4A38F16FBF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0F3C49-D729-4F54-AD5B-F4667275828F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A74B911F-50F3-4C4A-BE1F-F3E331E2F3EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "23E62335-6EDB-46CA-9502-0D013949BD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A475BF-CEC9-4B0C-A9CF-FF5CD0198659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m1:*:*:*:*:*:*",
"matchCriteriaId": "BF9561F4-FEA2-4A8F-A761-72F9C1D1E046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m2:*:*:*:*:*:*",
"matchCriteriaId": "CB36BF12-8F04-4898-A31C-63031C99354F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m3:*:*:*:*:*:*",
"matchCriteriaId": "07D83BF7-CF20-4898-B2D3-23B40D3F961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m4:*:*:*:*:*:*",
"matchCriteriaId": "80028C7A-F530-479E-8FD6-F3ADBBC2598C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m5:*:*:*:*:*:*",
"matchCriteriaId": "74947CA6-5C06-4EB1-AF71-6A48AD25A84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m6:*:*:*:*:*:*",
"matchCriteriaId": "D1FF765B-13AA-4B3D-8B8C-BF41EFCD203C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:m7:*:*:*:*:*:*",
"matchCriteriaId": "95696770-BE8F-4D86-AEF4-A7102F154898",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0E740A0E-B314-4A01-9AB8-17B4EE45D4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3E784581-98AC-4341-B06F-3B861F313708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "871833EE-1CA1-4258-97B2-748ACD760AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7DCF21CF-8984-4C3A-BD30-BD7CDA188C35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Help Contents web (tambi\u00e9n conocido como Help Server), permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el query string a (1) help/index.jsp o (2) help/advanced/content.jsp"
}
],
"id": "CVE-2010-4647",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-13T19:00:04.917",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"source": "secalert@redhat.com",
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-7271
Vulnerability from fkie_nvd - Published: 2011-01-13 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| eclipse | eclipse_ide | * | |
| eclipse | eclipse_ide | 3.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8F4AED-D3AE-43BB-A84E-7EEFC1F1C634",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:eclipse_ide:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5875CD2E-E28B-48BE-92F0-3C34F713C558",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n web Help Contents (tambien conocida como Help Server) en Eclipse IDE, posiblemente v3.3.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de los par\u00e1metros (1) searchWord sobre help/advanced/searchView.jsp o (2) workingSet en una acci\u00f3n add sobre help/advanced/workingSetManager.jsp, en una vulnerabilidad distinta a CVE-2010-4647.\r\n"
}
],
"id": "CVE-2008-7271",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-13T19:00:01.260",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-4218 (GCVE-0-2023-4218)
Vulnerability from cvelistv5 – Published: 2023-11-09 08:26 – Updated: 2024-09-03 19:26
Summary
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
Severity ?
5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Eclipse Foundation | Eclipse IDE | Affected: 0, < 4.29 (semver) |
Credits
Jörg Kubitz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4218",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:23:43.910350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:26:14.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse IDE",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "4.29",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Eclipse IDE",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "2023-09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "org.eclipse.core.runtime",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "3.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "org.eclipse.pde",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "3.13.2400",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "J\u00f6rg Kubitz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse IDE versions \u0026lt; 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\u003cbr\u003e"
}
],
"value": "In Eclipse IDE versions \u003c 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T08:26:51.567Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XXE in eclipse.platform / Eclipse IDE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-4218",
"datePublished": "2023-11-09T08:26:51.567Z",
"dateReserved": "2023-08-08T06:06:20.616Z",
"dateUpdated": "2024-09-03T19:26:14.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4647 (GCVE-0-2010-4647)
Vulnerability from cvelistv5 – Published: 2011-01-13 18:35 – Updated: 2024-08-07 03:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name": "RHSA-2011:0568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name": "FEDORA-2010-18990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name": "MDVSA-2011:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name": "FEDORA-2010-19006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"name": "eclipseide-querystring-xss(64833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name": "RHSA-2011:0568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name": "FEDORA-2010-18990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name": "MDVSA-2011:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name": "FEDORA-2010-19006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"name": "eclipseide-querystring-xss(64833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4647",
"datePublished": "2011-01-13T18:35:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7271 (GCVE-0-2008-7271)
Vulnerability from cvelistv5 – Published: 2011-01-13 18:35 – Updated: 2024-09-16 20:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-13T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html",
"refsource": "MISC",
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539",
"refsource": "MISC",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7271",
"datePublished": "2011-01-13T18:35:00Z",
"dateReserved": "2011-01-13T00:00:00Z",
"dateUpdated": "2024-09-16T20:17:41.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4218 (GCVE-0-2023-4218)
Vulnerability from nvd – Published: 2023-11-09 08:26 – Updated: 2024-09-03 19:26
Summary
In Eclipse IDE versions < 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any malicious project, or update an open project with a vulnerable file (for example, to review a foreign repository or patch).
Severity ?
5 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Eclipse Foundation | Eclipse IDE | Affected: 0 , < 4.29 (semver) |
Credits
Jörg Kubitz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4218",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:23:43.910350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:26:14.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse IDE",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "4.29",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Eclipse IDE",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "2023-09",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "org.eclipse.core.runtime",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "3.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "org.eclipse.pde",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "3.13.2400",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "J\u00f6rg Kubitz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse IDE versions \u0026lt; 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\u003cbr\u003e"
}
],
"value": "In Eclipse IDE versions \u003c 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T08:26:51.567Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/8"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/632/"
},
{
"url": "https://github.com/eclipse-pde/eclipse.pde/pull/667/"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform/pull/761"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.releng.buildtools/pull/45"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.ui/commit/f243cf0a28785b89b7c50bf4e1cce48a917d89bd"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.ui/commit/13675b1f8a74f47de4da89ed0ded6af7c21dfbec"
},
{
"url": "https://github.com/eclipse-jdt/eclipse.jdt.core/commit/38dd2a878f45cdb3d8d52090f1d6d1b532fd4c4d"
},
{
"url": "https://github.com/eclipse-emf/org.eclipse.emf/issues/10"
},
{
"url": "https://github.com/eclipse-platform/eclipse.platform.swt/commit/bf71db5ddcb967c0863dad4745367b54f49e06ba"
},
{
"url": "https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XXE in eclipse.platform / Eclipse IDE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-4218",
"datePublished": "2023-11-09T08:26:51.567Z",
"dateReserved": "2023-08-08T06:06:20.616Z",
"dateUpdated": "2024-09-03T19:26:14.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4647 (GCVE-0-2010-4647)
Vulnerability from nvd – Published: 2011-01-13 18:35 – Updated: 2024-08-07 03:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name": "RHSA-2011:0568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name": "FEDORA-2010-18990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name": "MDVSA-2011:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name": "FEDORA-2010-19006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"name": "eclipseide-querystring-xss(64833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110106 Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/16"
},
{
"name": "RHSA-2011:0568",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0568.html"
},
{
"name": "[oss-security] 20110106 CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/7"
},
{
"name": "FEDORA-2010-18990",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html"
},
{
"name": "MDVSA-2011:032",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:032"
},
{
"name": "FEDORA-2010-19006",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting"
},
{
"name": "eclipseide-querystring-xss(64833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4647",
"datePublished": "2011-01-13T18:35:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-7271 (GCVE-0-2008-7271)
Vulnerability from nvd – Published: 2011-01-13 18:35 – Updated: 2024-09-16 20:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:35.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-13T18:35:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html",
"refsource": "MISC",
"url": "http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539",
"refsource": "MISC",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=223539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-7271",
"datePublished": "2011-01-13T18:35:00Z",
"dateReserved": "2011-01-13T00:00:00Z",
"dateUpdated": "2024-09-16T20:17:41.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}