Cross-site Scripting (XSS)
org.apache.wicket:wicket
Affected versions of the package are vulnerable to Cross-site Scripting (XSS). It is possible for JavaScript statements to break out of a <script> tag in the rendered response. This might pose a security threat if the written JavaScript contains user provided data.
|
[1.4.0,1.4.22)
[1.5.0,1.5.10)
[1.6,6.4.0)
|
Cross-site Scripting (XSS)
org.apache.wicket:wicket
Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
|
[1.4.0,1.4.21)
[1.5.0,1.5.8)
|
Information Exposure
org.apache.wicket:wicket
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.
|
[1.4.0,1.4.23)
[1.5.0,1.5.11)
[6.0.0,6.8.0)
|
Cross-site Scripting (XSS)
org.apache.wicket:wicket
Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| |
Cross-site Scripting (XSS)
org.apache.wicket:wicket
Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| |