CVE-2008-7271

Publication date 13 January 2011

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.

Read the notes from the security team

Status

Package Ubuntu Release Status
eclipse 16.04 LTS xenial
Not affected
15.10 wily
Not affected
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise
Not affected
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
9.10 karmic Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life

Notes

sbeattie

fixed upstream in 3.4

References

Other references