CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4218 – XXE in eclipse.platform / Eclipse IDE
https://notcve.org/view.php?id=CVE-2023-4218
09 Nov 2023 — In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch). En las versiones de Eclipse IDE <2023-09 (4.29), algunos archivos con contenido xml se analizan como vulnerables a todo tipo de ataques XXE. El usuario sólo necesita abrir cualquier proyecto maligno o actualizar un proyecto abierto co... • https://github.com/eclipse-cdt/cdt/commit/c7169b3186d2fef20f97467c3e2ad78e2943ed1b • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2008-7271 – Eclipse 3.3.2 IDE - 'Help Server help/advanced/searchView.jsp?SearchWord' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-7271
13 Jan 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la aplicación web Hel... • https://www.exploit-db.com/exploits/35242 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 12%CPEs: 39EXPL: 4CVE-2010-4647 – Eclipse 3.6.1 - Help Server 'help/advanced/content.jsp' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4647
13 Jan 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Help Contents web (también conocido como Help Server), permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante el qu... • https://www.exploit-db.com/exploits/34999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •