Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://www.securitytracker.com/id/1035166

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

Related Vulnerabilities

CVE-2017-5662 Vulnerability in maven package org.eclipse.birt.runtime:org.apache.batik.dom

CVE-2023-31581 Vulnerability in maven package com.usthe.sureness:sureness-core

CVE-2019-10356 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2020-14967 Vulnerability in maven package org.webjars.bower:jsrsasign

CVE-2020-7725 Vulnerability in npm package worksmith

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory