tomahawk is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the autoScroll
parameter, allowing XSS attacks.
CPE | Name | Operator | Version |
---|---|---|---|
tomahawk core | eq | 1.1.5 |
issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272
labs.idefense.com/intelligence/vulnerabilities/display.php?id=544
osvdb.org/36377
secunia.com/advisories/25618
www.securityfocus.com/bid/24480
www.vupen.com/english/advisories/2007/2212
exchange.xforce.ibmcloud.com/vulnerabilities/34872
issues.apache.org/jira/browse/TOMAHAWK-1021
issues.apache.org/jira/secure/ReleaseNote.jspa?version=12312536&styleName=Text&projectId=12310272