Project Woodstock 404 Error Page UTF-7 Encoded XSS

The remote web server contains a web application built using Woodstock components, which are user interface components for the web- based on Java Server Faces and AJAX. Woodstock is part of Sun Glassfish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat,...

Sun Glassfish Woodstock Project 4.2 XSS

Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...

Cross site scripting

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2008-1285

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2008-1285

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞

Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 当从POST或者GET请求解析'autoscroll'参数时，由于不充分过滤，可导致提交恶意脚本代码作为参数，当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序： Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...

iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability

Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...