This is a quick demo showing that XSS can succeed even when Eclipse uses a random port for its Help Server.
The purpose of this demo is to dispel myths such as 'Eclipse uses a random port for its help server on each startup, so the chance of getting XSSed is rare'.
Note that this demo uses an XSS that works only in Microsoft Internet Explorer. The demo will also add a free ad to your Eclipse window via CSRF.
First, the initial XSS payload shows you a JavaScript alert box containing the Eclipse Help Server content (index.jsp). Other XSS payloads are embedded as well, to show the real picture in a situation where users' Microsoft Internet Explorer security settings are weak or users are enticed into clicking "Yes" by any means. Those payloads do the following: