5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.654 Medium
EPSS
Percentile
97.9%
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
CPE | Name | Operator | Version |
---|---|---|---|
apache:myfaces_tomahawk | apache myfaces tomahawk | le | 1.1.5 |
issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
osvdb.org/36377
secunia.com/advisories/25618
www.securityfocus.com/bid/24480
www.vupen.com/english/advisories/2007/2212
exchange.xforce.ibmcloud.com/vulnerabilities/34872