Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.
Remediation
References
http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html
http://www.securitytracker.com/id/1035166
Related Vulnerabilities
CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork
CVE-2022-24785 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2020-25724 Vulnerability in maven package io.quarkus:quarkus-resteasy-reactive-parent-aggregator
CVE-2018-17960 Vulnerability in maven package org.webjars:ckeditor
CVE-2018-7408 Vulnerability in maven package org.webjars.npm:npm