Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS

2007-06-14T00:00:00
ID OSVDB:36377
Type osvdb
Reporter Rajat Swarup()
Modified 2007-06-14T00:00:00

Description

Manual Testing Notes

http:/[target]/some_app.jsf?autoscroll=[javascript]

References:

Vendor Specific News/Changelog Entry: http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272 Secunia Advisory ID:25618 Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0185.html ISS X-Force ID: 34872 FrSIRT Advisory: ADV-2007-2212 CVE-2007-3101 Bugtraq ID: 24480