Wicket@1.4.20 Security Vulnerabilities and Issues — Wicket@1.4.20 CVE List

Lucene search

ApacheWicket1.4.20

3 matches found

CVE•added 2012/09/19 7:55 p.m.•56 views

CVE-2012-3373

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.

4.3CVSS5.8AI score0.01795EPSS

CVE•added 2017/10/30 7:29 p.m.•38 views

CVE-2012-5636

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to [removed] tags in a rendered response.

6.1CVSS5.9AI score0.01201EPSS

CVE•added 2014/02/10 11:55 p.m.•38 views

CVE-2013-2055

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:pa...

5CVSS6.1AI score0.01627EPSS