Veracode Vulnerability DatabaseVERACODE:24669Cross-site Scripting (XSS)
0.521 Medium
EPSS
Percentile
97.6%
eclipse-emf is vulnerable to cross-site scripting (XSS). The vulnerability exists as an attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted Eclipse Help URL.
References
lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html
openwall.com/lists/oss-security/2011/01/06/16
openwall.com/lists/oss-security/2011/01/06/7
www.mandriva.com/security/advisories?name=MDVSA-2011:032
www.redhat.com/support/errata/RHSA-2011-0568.html
yehg.net/lab/pr0js/advisories/eclipse/%5Beclipse_help_server%5D_cross_site_scripting
yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting
access.redhat.com/errata/RHSA-2011:0568
access.redhat.com/security/cve/CVE-2010-4647
access.redhat.com/security/updates/classification/#low
bugs.eclipse.org/bugs/show_bug.cgi?id=329582
bugzilla.redhat.com/show_bug.cgi?id=661901
exchange.xforce.ibmcloud.com/vulnerabilities/64833
Related
