Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk prior to 1.1.6 allow remote malicious users to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache myfaces tomahawk |