org.apache.wicket:wicket 1.4.18

Direct Vulnerabilities

Known vulnerabilities in the org.apache.wicket:wicket package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) `org.apache.wicket:wicket` Affected versions of the package are vulnerable to Cross-site Scripting (XSS). It is possible for JavaScript statements to break out of a `<script>` tag in the rendered response. This might pose a security threat if the written JavaScript contains user provided data.	[1.4.0,1.4.22)[1.5.0,1.5.10)[1.6,6.4.0)
M Cross-site Scripting (XSS) `org.apache.wicket:wicket` Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.	[1.4.0,1.4.21)[1.5.0,1.5.8)
M Information Exposure `org.apache.wicket:wicket` Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.	[1.4.0,1.4.23)[1.5.0,1.5.11)[6.0.0,6.8.0)
M Cross-site Scripting (XSS) `org.apache.wicket:wicket` Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.	[1.4.0,1.4.20)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

org.apache.wicket:wicket Affected versions of the package are vulnerable to Cross-site Scripting (XSS). It is possible for JavaScript statements to break out of a <script> tag in the rendered response. This might pose a security threat if the written JavaScript contains user provided data.

[1.4.0,1.4.22)[1.5.0,1.5.10)[1.6,6.4.0)

Cross-site Scripting (XSS)

org.apache.wicket:wicket Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.

[1.4.0,1.4.21)[1.5.0,1.5.8)

Information Exposure

org.apache.wicket:wicket Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

[1.4.0,1.4.23)[1.5.0,1.5.11)[6.0.0,6.8.0)

Cross-site Scripting (XSS)

org.apache.wicket:wicket Cross-site Scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.

[1.4.0,1.4.20)

org.apache.wicket:wicket@1.4.18

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically