Bug#456148: CVE-2007-6306: Multiple cross-site scripting vulnerabilities
Steffen Joeris
steffen.joeris at skolelinux.de
Thu Dec 13 08:58:58 UTC 2007
Package: libjfreechart-java
Severity: important
Tags: security
Hi
The following CVE[0] has been issued against libjfreechart-java.
CVE-2007-6306:
Multiple cross-site scripting (XSS) vulnerabilities in the image map
feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary
web script or HTML via the (1) chart name or (2) chart tool tip text; or
the (3) href, (4) shape, or (5) coords attribute of a chart area.
A potential patch can be found here[1][2]; not quite sure if there is
more.
Please mention the CVE id in the changelog when you fix this issue.
Thanks for your efforts.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306
[1]: http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
[2]: http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
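
The attribute-injection class described in CVE-2007-6306 above, shown as an added example that is not part of the original message and is not JFreeChart's code or its patch: a minimal image map writer that escapes the free-text attributes (map name, tool tip, href) and validates shape and coords before writing them. The class and method names are hypothetical and the sample values are constructed.

```java
import java.util.List;
import java.util.Set;

// Added example with hypothetical names; not JFreeChart classes or the upstream fix.
public class SafeImageMap {
    // Shape values permitted for an HTML <area> element.
    private static final Set<String> SHAPES = Set.of("rect", "circle", "poly", "default");

    /** Escape a string for use inside a double-quoted HTML attribute value. */
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Render one <area>: shape and coords are validated, free text is escaped. */
    static String area(String shape, String coords, String href, String tooltip) {
        if (!SHAPES.contains(shape)) throw new IllegalArgumentException("bad shape");
        if (!coords.matches("\\d+(,\\d+)*")) throw new IllegalArgumentException("bad coords");
        return "<area shape=\"" + shape + "\" coords=\"" + coords
             + "\" href=\"" + escapeAttr(href)
             + "\" title=\"" + escapeAttr(tooltip) + "\" alt=\"\"/>";
    }

    /** Wrap already-rendered areas in a <map> whose name is escaped. */
    static String map(String name, List<String> areas) {
        String n = escapeAttr(name);
        return "<map id=\"" + n + "\" name=\"" + n + "\">\n"
             + String.join("\n", areas) + "\n</map>";
    }

    public static void main(String[] args) {
        // Constructed sample values containing characters that would break out of an attribute.
        String tip = "Q1 \"><b>bold</b>";
        String a = area("rect", "10,20,110,80", "detail?series=A&item=1", tip);
        System.out.println(map("chart\" x=\"", List.of(a)));
    }
}
```

Escaping keeps each value inside its attribute; it does not restrict the URL scheme of href, which needs a separate allowlist if the link target comes from untrusted data.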