Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. http://www.frsirt.com/english/advisories/2008/0808/references http://xforce.iss.net/xforce/xfdb/41081
used in jboss glassfish-jsf package
This was addressed via: JBoss Enterprise Application Platform for RHEL 4 AS (RHSA-2008:0825) JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS (RHSA-2008:0826) JBoss Enterprise Application Platform for RHEL 5 Server (RHSA-2008:0827) JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server (RHSA-2008:0828)