WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-7520 Vulnerability in maven package org.apache.wicket:wicket-core

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2023-37946 Vulnerability in maven package org.openshift.jenkins:openshift-login

CVE-2019-1003060 Vulnerability in maven package org.jenkins-ci.plugins:zap

CVE-2013-0239 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2022-25927 Vulnerability in maven package org.webjars.npm:ua-parser-js

CVE-2021-32860 Vulnerability in maven package org.webjars.npm:izimodal

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry