CVE-2007-3101

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2007
Last modified:
09/04/2025

Description

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:myfaces_tomahawk:*:*:*:*:*:*:*:* 1.1.5 (including)