CVE-2007-3101
Apache MyFaces Tomahawk < 1.1.5 - Cross-Site Scripting via autoscroll Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3101. PoCs published by Rajat Swarup.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Apache Tomahawk MyFaces JSF Framework due to improper input sanitization. The exploit involves injecting JavaScript via the 'autoscroll' parameter in a URL.
Description
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in Apache Tomahawk MyFaces JSF Framework due to improper input sanitization. The exploit involves injecting JavaScript via the 'autoscroll' parameter in a URL.