CVE-2007-3101
Apache MyFaces Tomahawk < 1.1.5 - Cross-Site Scripting via autoscroll Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Rajat Swarup · textwebappsjsp
https://www.exploit-db.com/exploits/30191
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25618
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36377
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24480
Various Sources x_refsource_confirm
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2212
Scores
EPSS
0.6276
EPSS Percentile
98.4%
Details
Status
published
Products (1)
apache/myfaces_tomahawk
< 1.1.5
Published
Jun 18, 2007
Tracked Since
Feb 18, 2026