CVSS: 4.3EPSS: 63%CPEs: 1EXPL: 1CVE-2007-3101 – Apache MyFaces Tomahawk JSF Framework 1.1.5 - 'Autoscroll' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3101
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ciertas aplicaciones JSF en Apache MyFaces Tomahawk anterior a 1.1.6 permite a atacantes remotos inyectar secuencias de comandos web a través del parámetro autoscroll, el cual es inyectado dentro de un Javascript que es enviado a el cliente. • https://www.exploit-db.com/exploits/30191 http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544 http://osvdb.org/36377 http://secunia.com/advisories/25618 http://www.securityfocus.com/bid/24480 http://www.vupen.com/english/advisories/2007/2212 https://exchange.xforce.ibmcloud.com/vulnerabilities/34872 •