Lucene search
+L

8 matches found

snyk
snyk
added 2026/05/06 11:25 a.m.7 views

Directory Traversal

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

9.1CVSS6.3AI score0.00732EPSS
Exploits0References2
snyk
snyk
added 2026/05/06 11:24 a.m.8 views

Cross-site Scripting (XSS)

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

7.2CVSS5.7AI score0.00357EPSS
Exploits0References2
snyk
snyk
added 2026/05/06 11:24 a.m.8 views

Directory Traversal

Overview org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing an...

8.7CVSS6.2AI score0.00394EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-16274

Malware in sbrugna...

9.4CVSS9.4AI score0.09641EPSS
Exploits2References5
veracode
veracode
added 2021/05/10 4:38 a.m.22 views

Information Disclosure

wicket-core is vulnerable to information disclosure. An attacker is able to see discover confidential information within a HTML template which is usually removed during rendering by submitting a malicious URL to cause Wicket deliver unprocessed HTML templates...

7.5CVSS0.9AI score0.03759EPSS
Exploits0References15Affected Software1
nvd
nvd
added 2019/03/21 4:1 p.m.28 views

CVE-2019-6716

An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...

9.4CVSS9.2AI score0.09641EPSS
Exploits2References3
cvelist
cvelist
added 2019/03/17 5:50 p.m.32 views

CVE-2019-6716

An unauthenticated Insecure Direct Object Reference IDOR in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote attacker to enumerate internal Active Directory usernames and group names, and alter back-end server jobs backup and synchronization jobs, which could...

9.2AI score0.09641EPSS
Exploits2References3
cve
cve
added 2019/03/17 5:50 p.m.50 views

CVE-2019-6716

The CVE-2019-6716 issue affects LogonBox Limited/Nervepoint Access Manager (versions 1.2–1.4-RG3; 2013–2017) where an unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core enables an attacker to enumerate internal Active Directory usernames and group names and to alter back-end j...

9.4CVSS9AI score0.09641EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder