Unrated severityNVD Advisory· Published Jun 18, 2007· Updated Jun 16, 2026
CVE-2007-3101
CVE-2007-3101
Description
Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:apache:myfaces_tomahawk:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apache:myfaces_tomahawk:*:*:*:*:*:*:*:*range: <=1.1.5
- (no CPE)range: <1.1.6
Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/24480nvdPatch
- secunia.com/advisories/25618nvdVendor Advisory
- issues.apache.org/jira/secure/ReleaseNote.jspanvd
- labs.idefense.com/intelligence/vulnerabilities/display.phpnvd
- osvdb.org/36377nvd
- www.vupen.com/english/advisories/2007/2212nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/34872nvd
News mentions
0No linked articles in our index yet.