org.apache.wicket:wicket@1.4.16 vulnerabilities

org.apache.wicket:wicket Affected versions of the package are vulnerable to Cross-site Scripting (XSS). It is possible for JavaScript statements to break out of a <script> tag in the rendered response. This might pose a security threat if the written JavaScript contains user provided data.

org.apache.wicket:wicket Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.

org.apache.wicket:wicket Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

org.apache.wicket:wicket Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

org.apache.wicket:wicket Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.