WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-7520 Vulnerability in maven package org.apache.wicket:wicket-core

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2022-34190 Vulnerability in maven package eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin

CVE-2022-41936 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server

CVE-2022-41919 Vulnerability in npm package fastify

CVE-2019-10384 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry