Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into JavaScript that is sent to the client.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross-Site Scripting Vulnerability
Vulnerability Description
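Java Server Faces (JSF) is a framework for building server-side GUI web applications, and Apache MyFaces Tomahawk is an open-source implementation of JSF. The code in the MyFaces Tomahawk JSF framework that parses HTTP requests contains a cross-site scripting vulnerability, which a remote attacker could exploit to execute malicious code in a user's browser. When the autoscroll parameter of a POST or GET request is parsed, the value of this variable is injected, unfiltered, directly into the JavaScript sent to the client, which allows an attacker to execute arbitrary JavaScript in the domain of the MyFaces application.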
CVSS Information
N/A
Vulnerability Type
N/A