[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter

2012-04-09T00:00:00
ID SECURITYVULNS:DOC:27911
Type securityvulns
Reporter Securityvulns
Modified 2012-04-09T00:00:00

Description

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.4.x

Apache Wicket 1.3.x and 1.5.x are not affected.

Description: A Cross Site Scripting (XSS) attack is possible by manipulating the value of the 'wicket:pageMapName' request parameter.

Mitigation: Upgrade to Apache Wicket 1.4.20 or 1.5.5.

Credit: This issue was discovered by Jens Schenck.

Apache Wicket Team
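
Added example (not part of the advisory and not Apache Wicket project code): a small audit script that checks the org.apache.wicket dependencies in a Maven POM against the affected range stated above (1.4.x before 1.4.20). The sample POM is constructed, a Maven build is assumed, and reporting a qualified 1.4.20 build or an undeclared version as "unknown" is this example's own choice.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM, not taken from the advisory.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><wicket.version>1.4.19</wicket.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.wicket</groupId>
      <artifactId>wicket</artifactId><version>${wicket.version}</version></dependency>
    <dependency><groupId>org.apache.wicket</groupId>
      <artifactId>wicket-extensions</artifactId><version>1.4.20</version></dependency>
    <dependency><groupId>org.apache.wicket</groupId><artifactId>wicket-spring</artifactId></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.10</version></dependency>
  </dependencies>
</project>"""

def classify(version):
    """Place a Wicket version string relative to the advisory's affected range."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?([-.].+)?", version.strip())
    if not m:
        return "unknown"  # missing, unresolved ${property}, or a version range
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if (major, minor) != (1, 4):
        return "not affected"  # the advisory lists only 1.4.x as affected
    if patch < 20:
        return "affected"  # 1.4.x before the fixed release 1.4.20
    # Assumption: a qualified 1.4.20 build (e.g. -SNAPSHOT) may predate the fix.
    return "unknown" if patch == 20 and m[4] else "not affected"

def audit_pom(pom_text):
    """Return (artifactId, resolved version, verdict) per org.apache.wicket dependency."""
    root = ET.fromstring(pom_text)  # parse only POMs from your own repositories
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.iterfind(".//m:dependency", NS):
        if dep.findtext("m:groupId", "", NS).strip() != "org.apache.wicket":
            continue
        raw = dep.findtext("m:version", "", NS).strip()
        # Resolve ${property} references from <properties>; leave unknown ones as-is.
        resolved = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m[1], m[0]), raw)
        artifact = dep.findtext("m:artifactId", "", NS).strip()
        findings.append((artifact, resolved, classify(resolved)))
    return findings

if __name__ == "__main__":
    for finding in audit_pom(SAMPLE_POM):
        print(*finding)
```

An "unknown" verdict means the version is inherited or managed elsewhere (parent POM, dependencyManagement) and has to be checked in the resolved dependency tree.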