Cross-Site Scripting Vulnerabilities in Apache MyFaces Tomahawk by Apache
CVE-2007-3101

Currently unrated

Key Information:

Vendor: Apache
Status: Myfaces Tomahawk
Vendor: CVE Published:; 18 June 2007

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in certain JSF applications utilizing Apache MyFaces Tomahawk versions prior to 1.1.6. These vulnerabilities allow remote attackers to inject malicious web scripts via the autoscroll parameter, which is directly processed and injected into JavaScript sent to the client, potentially compromising the security of affected web applications and their users.

References

http://secunia.com/advisories/25618

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/34872

vdb-entryx_refsource_XF

http://labs.idefense.com/intelligence/vulnerabilities/dis...

third-party-advisoryx_refsource_IDEFENSE

EPSS Score

60% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 18, 2007
Vulnerability Reserved
Jun 7, 2007