2 matches found
CVE-2020-11976
By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5...
CVE-2020-11976
CVE-2020-11976 describes an information-disclosure vulnerability in Apache Wicket: by using a specially crafted URL an attacker can cause Wicket to deliver unprocessed HTML templates, potentially exposing sensitive data embedded in templates. Affected versions are 7.16.0, 8.8.0, and 9.0.0-M5. The...