ByteOS Network

NVD Vulnerability Details :

CVE-2007-3101

Modified

Source-secalert@redhat.com

Published At-18 Jun, 2007 | 10:30

Updated At-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

The Apache Software Foundation

>>myfaces_tomahawk>>Versions up to 1.1.5(inclusive)

cpe:2.3:a:apache:myfaces_tomahawk:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272	secalert@redhat.com	N/A
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544	secalert@redhat.com	N/A
http://osvdb.org/36377	secalert@redhat.com	N/A
http://secunia.com/advisories/25618	secalert@redhat.com	Vendor Advisory
http://www.securityfocus.com/bid/24480	secalert@redhat.com	Patch
http://www.vupen.com/english/advisories/2007/2212	secalert@redhat.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872	secalert@redhat.com	N/A
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272	af854a3a-2127-422b-91ae-364da2661108	N/A
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=544	af854a3a-2127-422b-91ae-364da2661108	N/A
http://osvdb.org/36377	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/25618	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/bid/24480	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.vupen.com/english/advisories/2007/2212	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/34872	af854a3a-2127-422b-91ae-364da2661108	N/A