Bug 421081 (CVE-2007-6306)

Summary: CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Nobody <nobody>
Status: RELEASE_PENDING
Severity: medium
Priority: medium
Version: unspecified
CC: dbhole, fnasser, mschoene
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6306
Doc Type: Bug Fix
Bug Depends On: 428802, 428806, 428807, 428809, 433822, 440523, 445323, 449337    
Bug Blocks: 444136    

Description Tomas Hoger 2007-12-12 08:27:06 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6306 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References:

http://www.securityfocus.com/archive/1/archive/1/484709/100/0/threaded
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://www.rapid7.com/advisories/R7-0031.jsp
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://www.securityfocus.com/bid/26752
http://secunia.com/advisories/27959
http://xforce.iss.net/xforce/xfdb/38922
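
The flaw class described in this report, shown as an added example that is not JFreeChart source code: an image map built by plain string concatenation next to a version that escapes the map name and each `<area>` attribute on output. The class, record and method names are hypothetical, and the input values are constructed.

```java
import java.util.List;

// Added illustration: hypothetical classes, not code from JFreeChart.
public class ImageMapEscapeDemo {

    // One clickable region of a chart image (type constructed for this example).
    record Area(String shape, String coords, String href, String toolTip) {}

    // Escape the characters that can close an attribute value or open a tag.
    static String htmlEscape(String in) {
        StringBuilder out = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Unsafe form: shape, coords, href and tool tip are written into the markup as-is.
    static String areaUnsafe(Area a) {
        return "<area shape=\"" + a.shape() + "\" coords=\"" + a.coords()
             + "\" href=\"" + a.href() + "\" title=\"" + a.toolTip() + "\"/>";
    }

    // Hardened form: every attribute value is escaped when it is written out.
    static String areaSafe(Area a) {
        return "<area shape=\"" + htmlEscape(a.shape()) + "\" coords=\"" + htmlEscape(a.coords())
             + "\" href=\"" + htmlEscape(a.href()) + "\" title=\"" + htmlEscape(a.toolTip()) + "\"/>";
    }

    // The map name is an injection point too, so it gets the same treatment.
    static String imageMap(String name, List<Area> areas, boolean escape) {
        String n = escape ? htmlEscape(name) : name;
        StringBuilder sb = new StringBuilder("<map id=\"" + n + "\" name=\"" + n + "\">\n");
        for (Area a : areas) sb.append(escape ? areaSafe(a) : areaUnsafe(a)).append('\n');
        return sb.append("</map>").toString();
    }

    public static void main(String[] args) {
        // Constructed input: a tool tip that came from untrusted data.
        Area a = new Area("rect", "10,10,60,40", "report?series=1&item=2",
                          "Q1\" onmouseover=\"alert(1)");
        System.out.println(imageMap("chart", List.of(a), false)); // quote ends the title attribute
        System.out.println(imageMap("chart", List.of(a), true));  // quote is emitted as &quot;
    }
}
```

Escaping prevents a value from breaking out of its attribute, but it does not constrain what an `href` points to; an application that builds links from untrusted data still needs to restrict the allowed URL schemes.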