Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server uses a JSP framework that is vulnerable to a
cross-site scripting attack.

Description :

The remote web server uses an implementation of the Apache MyFaces
Tomahawk JSF framework that fails to sanitize user-supplied input to
the 'autoScroll' parameter before using it to generate dynamic
content. An unauthenticated, remote attacker may be able to leverage
this issue to inject arbitrary HTML or script code into a user's
browser to be executed within the security context of the affected
site.
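The advisory describes the root cause only in general terms (parameter value written into generated content without sanitization). The following is an added illustration written for this page, not Tomahawk's own source: it contrasts concatenating a request parameter straight into markup with HTML-encoding it first, and adds an allow-list check. The parameter name 'autoScroll' comes from the advisory; the hidden-input markup, the assumed "x,y" scroll-position format, and the sample input are constructed for this example.

```java
/**
 * Added illustration (not Tomahawk code): rendering a request parameter
 * into HTML with and without output encoding.
 */
public class AutoScrollRendering {

    /** Vulnerable pattern: the raw parameter value is concatenated into the page. */
    static String renderUnsafe(String autoScroll) {
        return "<input type=\"hidden\" name=\"autoScroll\" value=\"" + autoScroll + "\" />";
    }

    /** Hardened pattern: characters that can close the attribute or tag are encoded. */
    static String renderSafe(String autoScroll) {
        return "<input type=\"hidden\" name=\"autoScroll\" value=\"" + htmlEncode(autoScroll) + "\" />";
    }

    /** Minimal HTML encoder; production code should use a vetted library (e.g. OWASP Java Encoder). */
    static String htmlEncode(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Allow-list check. Assumption for this example: a legitimate value is a
     * scroll position of the form "x,y" with small integer coordinates.
     * Anything else is rejected before it ever reaches the renderer.
     */
    static boolean isWellFormedAutoScroll(String autoScroll) {
        return autoScroll != null && autoScroll.matches("-?\\d{1,6},-?\\d{1,6}");
    }

    public static void main(String[] args) {
        // Constructed sample input: a value that closes the attribute and opens a tag.
        String hostile = "0,0\"><b>injected</b>";
        String benign  = "12,340";

        System.out.println("unsafe      : " + renderUnsafe(hostile));
        System.out.println("safe        : " + renderSafe(hostile));
        System.out.println("hostile ok? : " + isWellFormedAutoScroll(hostile)); // false
        System.out.println("benign ok?  : " + isWellFormedAutoScroll(benign));  // true
    }
}
```

The encoded output keeps the hostile value inside the attribute as inert text, while the allow-list check rejects it outright; applying both (validate on input, encode on output) is the standard remediation for this class of reflected XSS, independent of the framework upgrade the advisory recommends.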

See also :

http://www.nessus.org/u?7f1297cd
http://www.securityfocus.com/archive/1/471397/30/0/threaded
https://issues.apache.org/jira/browse/TOMAHAWK-983
http://www.nessus.org/u?dcdfb64e

Solution :

Upgrade to MyFaces Tomahawk version 1.1.6 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 25546

Bugtraq ID: 24480

CVE ID: CVE-2007-3101