4.3
CVE-2007-3101
- EPSS 44.45%
- Veröffentlicht 18.06.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:04
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Myfaces Tomahawk Version <= 1.1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 44.45% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
http://osvdb.org/36377
http://secunia.com/advisories/25618
http://www.securityfocus.com/bid/24480
http://www.vupen.com/english/advisories/2007/2212
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872