CVE-2007-3101

Currently unrated

Key Information:

Vendor: Apache
Status: Myfaces Tomahawk
Vendor: CVE Published:; 18 June 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.

References

http://secunia.com/advisories/25618

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/34872

vdb-entryx_refsource_XF

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 18, 2007
Vulnerability Reserved
Jun 7, 2007