Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2020-11991 Vulnerability in maven package org.apache.cocoon:cocoon-core

CVE-2018-1000602 Vulnerability in maven package org.jenkins-ci.plugins:saml

CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core

CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2015-3190 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry