Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6306

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6306
Last Modified 15 Nov 2008 02:04:07
Published 11 Dec 2007 04:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6306

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

Vulnerable Systems

Operating System

  • Jfreechart 1.0.8


References

CONFIRM - http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680

XF - jfreechart-imagemap-xss(38922)

BID - 26752

BUGTRAQ - 20071206 R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities

MISC - http://www.rapid7.com/advisories/R7-0031.jsp

SECUNIA - 31493

SECUNIA - 27959

REDHAT - RHSA-2008:0630

OSVDB - 41845

OSVDB - 41844

OSVDB - 41843

MISC - http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662

MISC - http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662

REDHAT - RHSA-2008:0261

REDHAT - RHSA-2008:0213

REDHAT - RHSA-2008:0158

REDHAT - RHSA-2008:0151

SREASON - 3430


Last Updated: 27 May 2016 10:46:27