Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-7520 Vulnerability in maven package org.apache.wicket:wicket-core

Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib

CVE-2023-20873 Vulnerability in maven package org.springframework.boot:spring-boot-actuator-autoconfigure

CVE-2023-33725 Vulnerability in maven package org.broadleafcommerce:broadleaf

CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-2110 Vulnerability in maven package org.jenkins-ci.plugins:script-security

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry