Description
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.
Remediation
References
http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html
http://www.securitytracker.com/id/1035166
Related Vulnerabilities
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2018-1000153 Vulnerability in maven package org.jenkins-ci.plugins:vsphere-cloud
CVE-2023-25576 Vulnerability in npm package @fastify/multipart
CVE-2017-15701 Vulnerability in maven package org.apache.qpid:qpid-broker
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal