CVE-2008-7271

Name of the Vulnerable Software and Affected Versions Eclipse IDE version 3.3.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application of Eclipse IDE. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited through the searchWord parameter to "help/advanced/searchView.jsp" or the workingSet parameter in an add action to "help/advanced/workingSetManager.jsp".

Recommendations For Eclipse IDE version 3.3.2, as a temporary workaround, consider restricting access to the "help/advanced/searchView.jsp" and "help/advanced/workingSetManager.jsp" endpoints to minimize the risk of exploitation. Avoid using the searchWord and workingSet parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.