Bug 421081 (CVE-2007-6306) - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
Status: RELEASE_PENDING
Alias: CVE-2007-6306
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Depends On: 428802 428806 428807 428809 433822 440523 445323 449337
Blocks: 444136
Reported: 2007-12-12 08:27 UTC by Tomas Hoger
Modified: 2023-07-07 08:35 UTC (History)

Doc Type: Bug Fix


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2008:0151 | 0 | normal | SHIPPED_LIVE | Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update | 2008-04-02 20:44:45 UTC
Red Hat Product Errata | RHSA-2008:0158 | 0 | normal | SHIPPED_LIVE | Moderate: JBoss Enterprise Application Platform security update | 2008-03-24 22:16:50 UTC
Red Hat Product Errata | RHSA-2008:0213 | 0 | normal | SHIPPED_LIVE | Moderate: JBoss Enterprise Application Platform 4.2.0CP02 security update | 2008-04-02 20:42:53 UTC
Red Hat Product Errata | RHSA-2008:0630 | 0 | normal | SHIPPED_LIVE | Low: Red Hat Network Satellite Server security update | 2008-08-13 14:55:17 UTC

Description Tomas Hoger 2007-12-12 08:27:06 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6306 to the following vulnerability:

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

References:

http://www.securityfocus.com/archive/1/archive/1/484709/100/0/threaded
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://www.rapid7.com/advisories/R7-0031.jsp
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://www.securityfocus.com/bid/26752
http://secunia.com/advisories/27959
http://xforce.iss.net/xforce/xfdb/38922
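
The five injection points in the CVE description (map name, tool tip text, href, shape, coords) are all values written into generated map/area markup. The following is an added example, not JFreeChart's code: the class and method names are hypothetical, and the shape allowlist and coords pattern are assumptions that go beyond plain escaping.

```java
import java.util.Set;
import java.util.regex.Pattern;

public class ImageMapEscapeDemo {
    // Assumed allowlist: the area shapes that take a coordinate list.
    private static final Set<String> SHAPES = Set.of("rect", "circle", "poly");
    // Assumed format: comma-separated non-negative integers only.
    private static final Pattern COORDS = Pattern.compile("\\d+(,\\d+)*");

    // Escape the characters that can end an attribute value or open a tag.
    static String htmlEscape(String in) {
        StringBuilder out = new StringBuilder(in.length() + 16);
        for (int i = 0; i < in.length(); i++) {
            char c = in.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // shape and coords are validated (closed grammar); href and tool tip are escaped.
    static String area(String shape, String coords, String href, String tip) {
        if (!SHAPES.contains(shape)) throw new IllegalArgumentException("shape");
        if (!COORDS.matcher(coords).matches()) throw new IllegalArgumentException("coords");
        return "<area shape=\"" + shape + "\" coords=\"" + coords
             + "\" href=\"" + htmlEscape(href)
             + "\" title=\"" + htmlEscape(tip) + "\" alt=\"\"/>";
    }

    static String imageMap(String name, String... areas) {
        String safeName = htmlEscape(name);
        StringBuilder sb = new StringBuilder("<map id=\"" + safeName + "\" name=\"" + safeName + "\">\n");
        for (String a : areas) sb.append(a).append('\n');
        return sb.append("</map>").toString();
    }

    public static void main(String[] args) {
        // Constructed input: a map name and tool tip containing markup metacharacters.
        String tip = "Q1 \"<b>sales</b>\" & costs";
        System.out.println(imageMap("chart\"1",
                area("rect", "10,10,60,40", "detail?series=A&item=1", tip)));
    }
}
```

Escaping keeps the href value inside its attribute but does not check the URL scheme; an application that builds hrefs from untrusted input needs a separate scheme allowlist.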

