CVE-2007-6306 - Vulnerability Details

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jfree	Jfreechart
Redhat	Jboss Enterprise Application Platform Network Satellite Rhel Application Stack

Configuration 1 [-]

cpe:2.3:o:jfree:jfreechart:1.0.8:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.8	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
jgroups-1:2.4.1-1.SP4.0jpp.ep1.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0151	2008-04-02T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0213	2008-04-02T00:00:00Z
Red Hat Network Satellite Server v 4.2
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-9.RHEL3.8	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
Red Hat Network Satellite Server v 5.1
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
mod_perl-0:2.0.2-12.el4	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
rhn-web-0:5.1.1-7	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
Red Hat Web Application Stack for RHEL 4
concurrent-0:1.3.4-7jpp.ep1.6.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-javamail-0:1.4.0-0jpp.ep1.8	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
glassfish-jstl-0:1.2.0-0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jacorb-0:2.3.0-1jpp.ep1.4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-common-0:1.2.1-0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.3.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.2.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
jgroups-1:2.4.1-1.SP4.0jpp.ep1.2	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z
wsdl4j-0:1.6.2-1jpp.ep1.8	cpe:/a:redhat:rhel_application_stack:1	RHSA-2008:0158	2008-03-24T00:00:00Z

References

Link	Providers
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662
http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662
http://osvdb.org/41843
http://osvdb.org/41844
http://osvdb.org/41845
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/27959
http://secunia.com/advisories/31493
http://securityreason.com/securityalert/3430
http://www.rapid7.com/advisories/R7-0031.jsp
http://www.redhat.com/support/errata/RHSA-2008-0151.html
http://www.redhat.com/support/errata/RHSA-2008-0158.html
http://www.redhat.com/support/errata/RHSA-2008-0213.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/484709/100/0/threaded
http://www.securityfocus.com/bid/26752
https://exchange.xforce.ibmcloud.com/vulnerabilities/38922
https://nvd.nist.gov/vuln/detail/CVE-2007-6306
https://www.cve.org/CVERecord?id=CVE-2007-6306

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-11T21:00:00

Updated: 2024-08-07T16:02:36.495Z

Reserved: 2007-12-11T00:00:00

Link: CVE-2007-6306

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-11T21:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6306

Redhat

Severity : Moderate

Publid Date: 2007-12-06T00:00:00Z

Links: CVE-2007-6306 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2008:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "RHSA-2008:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/advisories/R7-0031.jsp"}, {"name": "31493", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31493"}, {"name": "27959", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27959"}, {"name": "RHSA-2008:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680"}, {"tags": ["x_refsource_MISC"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662"}, {"name": "26752", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26752"}, {"name": "20071206 R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484709/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662"}, {"name": "41843", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41843"}, {"name": "41844", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41844"}, {"name": "3430", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3430"}, {"name": "41845", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41845"}, {"name": "RHSA-2008:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "jfreechart-imagemap-xss(38922)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38922"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6306", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2008:0630", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "RHSA-2008:0213", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"name": "http://www.rapid7.com/advisories/R7-0031.jsp", "refsource": "MISC", "url": "http://www.rapid7.com/advisories/R7-0031.jsp"}, {"name": "31493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31493"}, {"name": "27959", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27959"}, {"name": "RHSA-2008:0151", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"name": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680", "refsource": "CONFIRM", "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680"}, {"name": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662", "refsource": "MISC", "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662"}, {"name": "26752", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26752"}, {"name": "20071206 R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484709/100/0/threaded"}, {"name": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662", "refsource": "MISC", "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662"}, {"name": "41843", "refsource": "OSVDB", "url": "http://osvdb.org/41843"}, {"name": "41844", "refsource": "OSVDB", "url": "http://osvdb.org/41844"}, {"name": "3430", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3430"}, {"name": "41845", "refsource": "OSVDB", "url": "http://osvdb.org/41845"}, {"name": "RHSA-2008:0158", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "jfreechart-imagemap-xss(38922)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38922"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.495Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2008:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "RHSA-2008:0213", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/advisories/R7-0031.jsp"}, {"name": "31493", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31493"}, {"name": "27959", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27959"}, {"name": "RHSA-2008:0151", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662"}, {"name": "26752", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26752"}, {"name": "20071206 R7-0031: JFreeChart Image Map Cross-Site Scripting Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484709/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662"}, {"name": "41843", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41843"}, {"name": "41844", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41844"}, {"name": "3430", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3430"}, {"name": "41845", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41845"}, {"name": "RHSA-2008:0158", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "jfreechart-imagemap-xss(38922)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38922"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6306", "datePublished": "2007-12-11T21:00:00", "dateReserved": "2007-12-11T00:00:00", "dateUpdated": "2024-08-07T16:02:36.495Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:jfree:jfreechart:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E3972FA8-57E2-4C8B-B8F3-4130FF78D4D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la caracter\u00edstica de trazo de plano de una imagen en JFreeChart 1.0.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de (1) un nombre de traza o (2) herramienta de texto gr\u00e1fico; o los atributos (3) href, (4) shape, o (5) coords de un \u00e1rea de traza."}], "id": "CVE-2007-6306", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-12-11T21:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41843"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41844"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41845"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27959"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31493"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3430"}, {"source": "cve@mitre.org", "url": "http://www.rapid7.com/advisories/R7-0031.jsp"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484709/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26752"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/branches/jfreechart-1.0.8-security/NEWS?r1=679&r2=680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/entity/ChartEntity.java?r1=662&r2=661&pathrev=662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://jfreechart.svn.sourceforge.net/viewvc/jfreechart/trunk/source/org/jfree/chart/imagemap/ImageMapUtilities.java?r1=662&r2=661&pathrev=662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41843"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41845"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rapid7.com/advisories/R7-0031.jsp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484709/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26752"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38922"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.8", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jacorb-0:2.3.0-1jpp.ep1.4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossws-jboss42-0:1.2.1-0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-0:3.2.4-1.SP1_CP02.0jpp.ep1.1.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jacorb-0:2.3.0-1jpp.ep1.5.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP02.ep1.3.el5.3", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0213", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-04-02T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "openmotif21-0:2.1.30-9.RHEL3.8", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "perl-Crypt-CBC-0:2.24-1.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modjk-0:1.2.23-2rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "mod_perl-0:2.0.2-12.el4", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn-web-0:5.1.1-7", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "concurrent-0:1.3.4-7jpp.ep1.6.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jaf-0:1.1.0-0jpp.ep1.10.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.8", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jsf-0:1.2_04-1.p02.0jpp.ep1.18", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "glassfish-jstl-0:1.2.0-0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-1:3.2.4-1.SP1_CP02.0jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hibernate3-entitymanager-0:3.2.1-1jpp.ep1.6.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "hsqldb-1:1.8.0.8-2.patch01.1jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jacorb-0:2.3.0-1jpp.ep1.4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossas-0:4.2.0-3.GA_CP02.ep1.3.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-cache-0:1.4.1-4.SP8_CP01.1jpp.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-common-0:1.2.1-0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-remoting-0:2.2.2-3.SP4.0jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jboss-seam-0:1.2.1-1.ep1.3.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossweb-0:2.0.0-3.CP05.0jpp.ep1.1", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossws-wsconsume-impl-0:2.0.0-0jpp.ep1.3", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jcommon-0:1.0.12-1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jfreechart-0:1.0.9-1jpp.ep1.2.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "jgroups-1:2.4.1-1.SP4.0jpp.ep1.2", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "rh-eap-docs-0:4.2.0-3.GA_CP02.ep1.1.el4", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}, {"advisory": "RHSA-2008:0158", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "wsdl4j-0:1.6.2-1jpp.ep1.8", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2008-03-24T00:00:00Z"}], "bugzilla": {"description": "JFreeChart: XSS vulnerabilities in the image map feature", "id": "421081", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=421081"}, "csaw": false, "cwe": "CWE-79", "details": ["Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area."], "name": "CVE-2007-6306", "public_date": "2007-12-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-6306\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-6306"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object