Cross site scripting

2016-04-1217:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

CPENameOperatorVersion
wicketge1.5.0
wicketlt1.5.15
wicketge6.0.0
wicketlt6.22.0
wicketge7.0
wicketlt7.2.0

Name	Operator	Version
wicket	ge	1.5.0
wicket	lt	1.5.15
wicket	ge	6.0.0
wicket	lt	6.22.0
wicket	ge	7.0
wicket	lt	7.2.0

References

wicket.apache.org/news/2016/03/01/cve-2015-5347.html

www.securitytracker.com/id/1035165

issues.apache.org/jira/browse/WICKET-6037