CVE-2007-6306

JFreeChart 1.0.8 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References (18)

[Patch] http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680

[Exploit] http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662

[Exploit] http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662

[Third Party Advisory, VDB Entry] http://osvdb.org/41843

[Third Party Advisory, VDB Entry] http://osvdb.org/41844

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2008-0630.html

[Vendor Advisory] http://secunia.com/advisories/27959

[Third Party Advisory] http://www.rapid7.com/advisories/R7-0031.jsp

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0151.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0158.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0213.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0261.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38922

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484709/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26752

[Third Party Advisory, VDB Entry] http://osvdb.org/41845

[Third Party Advisory] http://secunia.com/advisories/31493

[Third Party Advisory] http://securityreason.com/securityalert/3430

Scores

EPSS 0.0238

EPSS Percentile 84.8%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

jfree/jfreechart

Timeline

Published Dec 11, 2007

Tracked Since Feb 18, 2026