oss-sec mailing list archives
[CVE-2015-7520] Apache Wicket XSS vulnerability
From: Martin Grigorov <mgrigorov () apache org>
Date: Wed, 2 Mar 2016 16:03:54 +0100
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Wicket 1.5.x, 6.x and 7.x

Description: It is possible for JavaScript statements to break out of a RadioGroup’s and CheckBoxMultipleChoice’s “value” attribute of <input> elements.

This might pose a security threat if the written JavaScript contains user provided data.

The application developers are recommended to upgrade to:
- Apache Wicket 1.5.15
- Apache Wicket 6.22.0
- Apache Wicket 7.2.0

Credit: This issue was reported by Canh Ngo!

Apache Wicket Team
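Added illustration, not part of the advisory and not Wicket's code: a plain-Java sketch of the flaw class described above, assuming the root cause is a choice value written into the "value" attribute without escaping. The class, method names and the sample value are all hypothetical and constructed for this example.

```java
// Added illustration: plain Java, no Wicket classes. All names are hypothetical.
public class ValueAttributeEscaping {

    // Flaw class from the advisory (assumed root cause): the choice value is
    // concatenated into value="..." without escaping.
    static String renderUnescaped(String name, String value) {
        return "<input type=\"radio\" name=\"" + name + "\" value=\"" + value + "\"/>";
    }

    // Escapes the characters that can end a quoted attribute or start new markup.
    static String escapeAttribute(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened form: every attribute value is escaped before it is written.
    static String renderEscaped(String name, String value) {
        return "<input type=\"radio\" name=\"" + escapeAttribute(name)
                + "\" value=\"" + escapeAttribute(value) + "\"/>";
    }

    // A tag with exactly three double-quoted attributes contains six raw quotes;
    // any other count means a value crossed its attribute boundary.
    static long quoteCount(String tag) {
        return tag.chars().filter(ch -> ch == '"').count();
    }

    public static void main(String[] args) {
        // Constructed sample: a user-provided choice value containing a double quote.
        String value = "a\" onclick=\"alert(1)";
        String bad = renderUnescaped("group", value);
        String good = renderEscaped("group", value);
        System.out.println(bad + "  quotes=" + quoteCount(bad));
        System.out.println(good + "  quotes=" + quoteCount(good));
    }
}
```

The same quote-count check can serve as a regression test over rendered markup after upgrading to one of the fixed releases listed in the advisory.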