Remote unauthenticated exploitation of an input validation vulnerability in Apache Software Foundation's ActiveMQ server could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.
a93c7b1bf48d73b062e00b4bcc020d13797e54a1c0439e6efadd535c2fdb2b1biDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.
244283775e3ba1442966782ad515ee3b4e94173b27931fb11f8a1cb4f498d173
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed