Bug 421081 (CVE-2007-6306) - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
Summary: CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
Status: RELEASE_PENDING
Alias: CVE-2007-6306
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: source=cve,reported=20071211,public=2...
Keywords: Security
Depends On: 428802 428806 428807 428809 433822 440523 445323 449337
Blocks: 444136
TreeView+ depends on / blocked
 
Reported: 2007-12-12 08:27 UTC by Tomas Hoger
Modified: 2019-06-08 12:26 UTC (History)
3 users (show)

(edit)
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0151 normal SHIPPED_LIVE Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update 2008-04-02 20:44:45 UTC
Red Hat Product Errata RHSA-2008:0158 normal SHIPPED_LIVE Moderate: JBoss Enterprise Application Platform security update 2008-03-24 22:16:50 UTC
Red Hat Product Errata RHSA-2008:0213 normal SHIPPED_LIVE Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update 2008-04-02 20:42:53 UTC
Red Hat Product Errata RHSA-2008:0630 normal SHIPPED_LIVE Low: Red Hat Network Satellite Server security update 2008-08-13 14:55:17 UTC

Description Tomas Hoger 2007-12-12 08:27:06 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6306 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References:

http://www.securityfocus.com/archive/1/archive/1/484709/100/0/threaded
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://www.rapid7.com/advisories/R7-0031.jsp
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://www.securityfocus.com/bid/26752
http://secunia.com/advisories/27959
http://xforce.iss.net/xforce/xfdb/38922


Note You need to log in before you can comment on or make changes to this bug.