EUVD-2016-7700

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Apache Wicket is vulnerable to Cross Site Request Forgery attacks, risking user data security.

Reporter	Title	Published	Views	Family All 8
CNVD	Apache Wicket CSRF Vulnerability	24 Oct 201700:00	–	cnvd
CVE	CVE-2016-6806	2 Oct 201713:00	–	cve
Cvelist	CVE-2016-6806	2 Oct 201713:00	–	cvelist
Github Security Blog	Apache Wicket vulnerable to CSRF attacks	17 May 202200:31	–	github
NVD	CVE-2016-6806	3 Oct 201701:29	–	nvd
OpenVAS	Apache Wicket CSRF Detection Vulnerability (Nov 2016)	10 Oct 201700:00	–	openvas
OSV	GHSA-XC66-MG8R-Q6R5 Apache Wicket vulnerable to CSRF attacks	17 May 202200:31	–	osv
Prion	Cross site request forgery (csrf)	3 Oct 201701:29	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "e40c9fe5-4203-3444-916c-18671aadc077",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "071cf75e-d8ea-3a65-baee-2d144eb18466",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "6.22.0"
      },
      {
        "id": "195321dc-91ca-340d-a9db-c5ded5413acd",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "6.20.0"
      },
      {
        "id": "40cc9f5a-565d-369b-9d15-2ceade925bc6",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "7.2.0"
      },
      {
        "id": "780c752b-dd84-3cac-9cf3-490ac82db244",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "6.23.0"
      },
      {
        "id": "7a06aca2-5549-38ae-b46a-72ccd28d5e93",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "7.0.0"
      },
      {
        "id": "daee9448-6284-30f1-b0c5-4fec0ba0ca70",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "7.4.0"
      },
      {
        "id": "ed0483fb-6fcb-3a39-a152-a83ecfb8fd16",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "7.3.0"
      },
      {
        "id": "eff41f5e-cb44-3ab1-a7e1-8937da2e579e",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "8.0.0-M1"
      },
      {
        "id": "f411c314-be27-3f0a-b460-a8b8280bdb6d",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "6.24.0"
      },
      {
        "id": "f7ba90ba-a592-3365-afd8-3764f10d55de",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "6.21.0"
      },
      {
        "id": "ff2779fc-5e0f-3e2c-baa2-cf699cba2cd1",
        "product": {
          "name": "Apache Wicket"
        },
        "product_version": "7.1.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/074b72585f4b7c6adda1af52aecbfe1be23c6d6f5bb9382270f059cd@%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/074b72585f4b7c6adda1af52aecbfe1be23c6d6f5bb9382270f059cd%40%3Cannounce.apache.org%3E
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6806
github	www.github.com/apache/wicket
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.8High risk

Vulners AI Score8.8

CVSS 38.8

CVSS 26.8

EPSS0.00206