Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://www.securitytracker.com/id/1035166

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

Related Vulnerabilities

CVE-2019-10756 Vulnerability in npm package node-red-dashboard

CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap

CVE-2022-28367 Vulnerability in maven package org.owasp:antisamy

CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-3758 Vulnerability in npm package express-cart

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory