WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-2055 Vulnerability in maven package org.apache.wicket:wicket

Description

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

Remediation

References

http://osvdb.org/102955

http://seclists.org/fulldisclosure/2014/Feb/38

http://www.securityfocus.com/bid/65431

https://wicket.apache.org/2013/05/17/wicket-6.8.0-released.html

https://wicket.apache.org/2014/02/06/cve-2013-2055.html

Related Vulnerabilities

CVE-2022-45393 Vulnerability in maven package org.jenkins-ci.plugins:delete-log-plugin

CVE-2022-34212 Vulnerability in maven package org.jenkins-ci.plugins:vmware-vrealize-orchestrator

CVE-2023-32998 Vulnerability in maven package com.rapid7:jenkinsci-appspider-plugin

CVE-2021-41616 Vulnerability in maven package org.apache.ddlutils:ddlutils

CVE-2021-21627 Vulnerability in maven package org.jenkins-ci.plugins:libvirt-slave

Severity

Critical

Tags

Vendor Advisory NVD-CWE-noinfo