CVE-2007-3101: XSS
First published: Mon Jun 18 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache MyFaces Tomahawk | <=1.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
- http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
- http://www.securityfocus.com/bid/24480
- http://secunia.com/advisories/25618
- http://www.vupen.com/english/advisories/2007/2212
- http://osvdb.org/36377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- vendor/apache
- canonical/apache myfaces tomahawk
- version/apache myfaces tomahawk/1.1.5