CVE-2011-2712

2011-08-2915:00:00

redhat

www.cve.org

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

73.8%

JSON

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

References

secunia.com/advisories/45727

securityreason.com/securityalert/8357

wicket.apache.org/2011/08/23/cve-2011-2712.html

www.securityfocus.com/archive/1/519398/100/0/threaded

www.securityfocus.com/bid/49290

www.securitytracker.com/id?1025976

exchange.xforce.ibmcloud.com/vulnerabilities/69394