Detections
Analytics

CVE-2007-3101

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34872

http://www.vupen.com/english/advisories/2007/2212

http://www.securityfocus.com/bid/24480

http://secunia.com/advisories/25618

http://osvdb.org/36377

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544

http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272

Details

Source: Mitre, NVD

Published: 2007-06-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium