Bug 421081 - (CVE-2007-6306) CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
Status: RELEASE_PENDING
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
source=cve,reported=20071211,public=2...
: Security
Depends On: 428802 428806 428807 428809 433822 440523 445323 449337
Blocks: 444136
  Show dependency treegraph
 
Reported: 2007-12-12 03:27 EST by Tomas Hoger
Modified: 2016-03-04 06:55 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-12-12 03:27:06 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6306 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References:

http://www.securityfocus.com/archive/1/archive/1/484709/100/0/threaded
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://www.rapid7.com/advisories/R7-0031.jsp
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://www.securityfocus.com/bid/26752
http://secunia.com/advisories/27959
http://xforce.iss.net/xforce/xfdb/38922

Note You need to log in before you can comment on or make changes to this bug.