CVE-2010-4647

CVE Details

Release Date:	2011-01-13
Impact:	Low	What is this?

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.

See more information about CVE-2010-4647 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	4.3
Vector String:	AV:N/AC:M/Au:N/C:N/I:P/A:N
Version:	2.0
Attack Vector:	Network
Attack Complexity:	Medium
Authentication:	None
Confidentiality Impact:	None
Integrity Impact:	Partial
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 6 (eclipse)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-birt)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-callgraph)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-cdt)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-changelog)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-dtp)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-emf)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-gef)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-linuxprofilingframework)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-mylyn)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-oprofile)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-rse)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (eclipse-valgrind)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (icu4j)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (jetty-eclipse)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (objectweb-asm)	ELSA-2011-0568	2011-05-28
Oracle Linux version 6 (sat4j)	ELSA-2011-0568	2011-05-28