4.3

CVE-2007-3101

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheMyfaces Tomahawk Version <= 1.1.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 44.45% 0.986
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
http://osvdb.org/36377
http://secunia.com/advisories/25618
Vendor Advisory
http://www.securityfocus.com/bid/24480
Patch
http://www.vupen.com/english/advisories/2007/2212
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872