Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Myfaces Tomahawk | <= 1.1.5 |
References
- http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
- http://osvdb.org/36377
- http://secunia.com/advisories/25618Vendor Advisory
- http://www.securityfocus.com/bid/24480Patch
- http://www.vupen.com/english/advisories/2007/2212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
- http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
- http://osvdb.org/36377
- http://secunia.com/advisories/25618Vendor Advisory
- http://www.securityfocus.com/bid/24480Patch
- http://www.vupen.com/english/advisories/2007/2212
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
FAQ
What is CVE-2007-3101?
CVE-2007-3101 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll paramet...
How severe is CVE-2007-3101?
CVE-2007-3101 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3101?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Myfaces Tomahawk.