Description
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.
Remediation
References
https://wicket.apache.org/news/2014/09/22/cve-2014-3526.html
Related Vulnerabilities
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2022-46166 Vulnerability in maven package de.codecentric:spring-boot-admin-server
CVE-2017-16010 Vulnerability in maven package org.webjars.bower:i18next
CVE-2011-2487 Vulnerability in maven package org.apache.cxf:cxf
CVE-2021-23901 Vulnerability in maven package org.apache.nutch:nutch