Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability

Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability

Solution:
The vendor has released version 1.1.6 to address this issue; please see the reference section for details.

Apache MyFaces Tomahawk 1.1.5

Apache tomahawk-1.1.6-bin.tar.gz
http://www.apache.org/dyn/closer.cgi/myfaces/binaries/tomahawk-1.1.6-b in.tar.gz