Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.
Remediation
References
http://www.securitytracker.com/id/1035166
http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html
Related Vulnerabilities
CVE-2021-43861 Vulnerability in npm package mermaid
CVE-2020-7733 Vulnerability in maven package org.webjars.npm:ua-parser-js
CVE-2020-15366 Vulnerability in npm package ajv
CVE-2019-15608 Vulnerability in maven package org.webjars.npm:yarn
CVE-2017-7683 Vulnerability in maven package org.apache.openmeetings:openmeetings-server