Eclipse IDE | Help Server: Cross Site Scripting (XSS) Vulnerability

Users of Eclipse Help Contents should be aware that a Cross Site Scripting (XSS) vulnerability has been identified.
For details of this vulnerability, possible remedies, and other advisories, see the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Eclipse-SA-11/16/2010: Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability
VULNERABILITY DESCRIPTION

Eclipse Help Contents are served as a web application via the built-in
Jetty Web Server plugin. Cross Site Scripting vulnerabilities were
found in the /help/index.jsp and /help/advanced/content.jsp URLs. XSS on
the /help/advanced/content.jsp URL makes the browser hang, and even after
clicking the “Stop Executing” button, the user can still be hit by the XSS.
Read more at http://www.criticalwatch.com
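
A defender can look for attempts against the two URLs named above by scanning request logs. The following is an added example, not code from the advisory or from Eclipse; it assumes requests to the help server are recorded in NCSA common log format (for example by a proxy in front of it), and `PARAM` and the log entries are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# The two Help Server URLs named in the advisory.
HELP_PATHS = ("/help/index.jsp", "/help/advanced/content.jsp")
# HTML metacharacters that reflected markup needs once the query is decoded.
MARKUP = re.compile(r"[<>\"']")
# Request line of an access-log entry (assumption: NCSA common log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; PARAM is a placeholder, not a real parameter name.
SAMPLE_LOG = [
    '127.0.0.1 - - [16/Nov/2010:10:00:00 +0000] '
    '"GET /help/index.jsp?PARAM=overview HTTP/1.1" 200 512',
    '127.0.0.1 - - [16/Nov/2010:10:00:05 +0000] '
    '"GET /help/index.jsp?PARAM=%3Cb%3Etest%3C/b%3E HTTP/1.1" 200 530',
    '127.0.0.1 - - [16/Nov/2010:10:00:09 +0000] '
    '"GET /help/advanced/content.jsp?PARAM=%253Ci%253Etest%253C/i%253E HTTP/1.1" 200 498',
    '127.0.0.1 - - [16/Nov/2010:10:00:12 +0000] '
    '"GET /other/page.jsp?PARAM=%3Cb%3E HTTP/1.1" 200 100',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_help_requests(log_lines):
    """Return (path, decoded_query) for help-JSP requests carrying markup."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path not in HELP_PATHS:
            continue
        query = fully_decode(url.query)
        if MARKUP.search(query):
            hits.append((url.path, query))
    return hits


if __name__ == "__main__":
    for path, query in suspicious_help_requests(SAMPLE_LOG):
        print(f"{path}\t{query}")
```

A quote or angle bracket in a help query is a triage signal rather than proof of exploitation, so flagged entries still need review.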

 
