CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

CVE-2007-3101

CVE-2007-3101 corresponds to XSS in Apache MyFaces Tomahawk JSF framework prior to 1.1.6. The vulnerability arises from unsanitized autoscroll input that is injected into Javascript sent to clients, enabling remote script execution in the user’s browser. Remediation: upgrade to MyFaces Tomahawk 1...

Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞

Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。 当从POST或者GET请求解析'autoscroll'参数时，由于不充分过滤，可导致提交恶意脚本代码作为参数，当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序： Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...

Apache MyFaces Tomahawk crossite scripting

Crossite scripting on 'autoscroll' parameter...

iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability

Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...