CVE-2011-2712 Vulnerability in maven package org.apache.wicket:wicket

Description

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Remediation

References

http://www.securityfocus.com/bid/49290

http://wicket.apache.org/2011/08/23/cve-2011-2712.html

http://secunia.com/advisories/45727

http://securityreason.com/securityalert/8357

http://www.securitytracker.com/id?1025976

https://exchange.xforce.ibmcloud.com/vulnerabilities/69394

http://www.securityfocus.com/archive/1/519398/100/0/threaded

Related Vulnerabilities

CVE-2018-14042 Vulnerability in npm package bootstrap-sass

CVE-2015-5349 Vulnerability in maven package org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core

CVE-2019-13173 Vulnerability in maven package org.webjars.npm:fstream

CVE-2020-2125 Vulnerability in maven package ru.yandex.jenkins.plugins.debuilder:debian-package-builder

CVE-2017-1000504 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-79