This remotely exploitable input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting attack.
MyFaces Tomahawk JSF framework version 1.1.5
Cross Site Scripting.
The Apache Software Foundation MyFaces team has addressed this vulnerability by releasing version 1.1.6 of MyFaces Tomahawk. More information can be found at the following URL.