XSS in Apache Wicket
CVE-2012-0047
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.
Affected products
- Apache Wicket — versions 1.4.0, 1.4.1, 1.4.2
- N/a — versions n/a
Weakness classification (CWE)
References
- apache-wicket-unspec-xss(74273) (vdb-entry, x_refsource_XF)
- 20120322 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter (mailing-list, x_refsource_BUGTRAQ)
- 80300 (x_refsource_OSVDB, vdb-entry)
- 1026839 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)