Description

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

Remediation

References

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

http://www.securitytracker.com/id/1035166

Related Vulnerabilities

CVE-2022-35697 Vulnerability in maven package com.adobe.cq:core.wcm.components.core

CVE-2022-23463 Vulnerability in maven package com.nepxion:discovery-commons

CVE-2018-14041 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2022-0691 Vulnerability in npm package url-parse

CVE-2017-1000104 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory Third Party Advisory VDB Entry