Description
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Remediation
References
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html
Related Vulnerabilities
CVE-2022-43670 Vulnerability in maven package org.apache.sling:org.apache.sling.cms
CVE-2020-14338 Vulnerability in maven package xerces:xercesimpl
CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2020-14966 Vulnerability in maven package org.webjars.npm:jsrsasign
CVE-2018-1297 Vulnerability in maven package org.apache.jmeter:apachejmeter