Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_sjs1_2.13

CVE-2014-0230 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty.ee10:jetty-ee10-servlets

CVE-2018-1196 Vulnerability in maven package org.springframework.boot:spring-boot-loader-tools

CVE-2019-1003091 Vulnerability in maven package com.soasta.jenkins:cloudtest

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry