CVE-2007-3101
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/25618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
- http://osvdb.org/36377
- http://www.securityfocus.com/bid/24480
- http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
- http://www.vupen.com/english/advisories/2007/2212
References
- http://secunia.com/advisories/25618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
- http://osvdb.org/36377
- http://www.securityfocus.com/bid/24480
- http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
- http://www.vupen.com/english/advisories/2007/2212
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.