CVE-2011-2712
CVE-2011-2712 is a cross-site scripting (XSS) vulnerability affecting Apache Wicket 1.4.x prior to 1.4.18 when setAutomaticMultiWindowSupport is enabled. The root cause is the application’s multi-window support configuration enabling injection of arbitrary JavaScript/HTML via unspecified paramete...