CVE-2007-6306 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
Reference
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://osvdb.org/41843
http://osvdb.org/41844
http://osvdb.org/41845
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/27959
http://secunia.com/advisories/31493
http://securityreason.com/securityalert/3430
http://www.rapid7.com/advisories/R7-0031.jsp
http://www.redhat.com/support/errata/RHSA-2008-0151.html
http://www.redhat.com/support/errata/RHSA-2008-0158.html
http://www.redhat.com/support/errata/RHSA-2008-0213.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/484709/100/0/threaded
http://www.securityfocus.com/bid/26752
https://exchange.xforce.ibmcloud.com/vulnerabilities/38922