Cross-Site Scripting Vulnerabilities in Apache MyFaces Tomahawk by Apache
CVE-2007-3101

Currently unrated

Key Information:

Vendor

Apache
Status
Myfaces Tomahawk
Vendor
CVE Published:
18 June 2007

What is CVE-2007-3101?

Multiple cross-site scripting (XSS) vulnerabilities exist in certain JSF applications utilizing Apache MyFaces Tomahawk versions prior to 1.1.6. These vulnerabilities allow remote attackers to inject malicious web scripts via the autoscroll parameter, which is directly processed and injected into JavaScript sent to the client, potentially compromising the security of affected web applications and their users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/25618
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
vdb-entryx_refsource_XF
http://labs.idefense.com/intelligence/vulnerabilities/dis...
third-party-advisoryx_refsource_IDEFENSE

EPSS Score

62% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.