Intrusion Prevention

Apache.MyFaces.Tomahawk.JSF.Framework.XSS

Description

This remotely exploitable input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting attack.

Affected Products

MyFaces Tomahawk JSF framework version 1.1.5

Impact

Cross Site Scripting.

Recommended Actions

The Apache Software Foundation MyFaces team has addressed this vulnerability by releasing version 1.1.6 of MyFaces Tomahawk. More information can be found at the following URL.
http://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272

CVE References

CVE-2007-3101