421081 – (CVE-2007-6306) CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature

Bug 421081 (CVE-2007-6306) - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature

Summary: CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature

Keywords:
Status:	RELEASE_PENDING
Alias:	CVE-2007-6306
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:	http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On:	428802 428806 428807 428809 433822 440523 445323 449337
Blocks:	444136
TreeView+	depends on / blocked

Reported:	2007-12-12 08:27 UTC by Tomas Hoger
Modified:	2023-07-07 08:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0151	normal	SHIPPED_LIVE	Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update	2008-04-02 20:44:45 UTC
Red Hat Product Errata	RHSA-2008:0158	normal	SHIPPED_LIVE	Moderate: JBoss Enterprise Application Platform security update	2008-03-24 22:16:50 UTC
Red Hat Product Errata	RHSA-2008:0213	normal	SHIPPED_LIVE	Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update	2008-04-02 20:42:53 UTC
Red Hat Product Errata	RHSA-2008:0630	normal	SHIPPED_LIVE	Low: Red Hat Network Satellite Server security update	2008-08-13 14:55:17 UTC

Description Tomas Hoger 2007-12-12 08:27:06 UTC

Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6306 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References:

http://www.securityfocus.com/archive/1/archive/1/484709/100/0/threaded
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://www.rapid7.com/advisories/R7-0031.jsp
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://www.securityfocus.com/bid/26752
http://secunia.com/advisories/27959
http://xforce.iss.net/xforce/xfdb/38922

Note You need to log in before you can comment on or make changes to this bug.