CVE-2012-5636

MEDIUM

Apache Wicket <1.4.22, <1.5.10, <6.4.0 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://wicket.apache.org/news/2013/03/03/cve-2012-5636.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101644

Scores

CVSS v3 6.1
EPSS 0.0309
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (37)
apache/wicket 1.4.0
apache/wicket 1.4.1
apache/wicket 1.4.2
apache/wicket 1.4.3
apache/wicket 1.4.4
apache/wicket 1.4.5
apache/wicket 1.4.6
apache/wicket 1.4.7
apache/wicket 1.4.8
apache/wicket 1.4.9
... and 27 more
Published Oct 30, 2017
Tracked Since Feb 18, 2026