Description
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://wicket.apache.org/news/2013/03/03/cve-2012-5636.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101644
Scores
CVSS v3
6.1
EPSS
0.0309
EPSS Percentile
86.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (37)
apache/wicket
1.4.0
apache/wicket
1.4.1
apache/wicket
1.4.2
apache/wicket
1.4.3
apache/wicket
1.4.4
apache/wicket
1.4.5
apache/wicket
1.4.6
apache/wicket
1.4.7
apache/wicket
1.4.8
apache/wicket
1.4.9
... and 27 more
Published
Oct 30, 2017
Tracked Since
Feb 18, 2026