Description

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

Remediation

References

https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html

http://osvdb.org/102955

http://www.securityfocus.com/bid/65431

http://seclists.org/fulldisclosure/2014/Feb/38

https://wicket.apache.org/2014/02/06/cve-2013-2055.html

Related Vulnerabilities

CVE-2019-1351 Vulnerability in maven package org.webjars.npm:nodegit

CVE-2019-10290 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan

CVE-2023-29522 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui

CVE-2020-5413 Vulnerability in maven package org.springframework.integration:spring-integration

CVE-2023-28682 Vulnerability in maven package org.jenkins-ci.plugins:perfpublisher

Severity

Critical

Tags

Vendor Advisory NVD-CWE-noinfo