Home page logo

bugtraq logo Bugtraq mailing list archives

[CVE-2011-2712] Apache Wicket XSS vulnerability
From: Martin Grigorov <mgrigorov () apache org>
Date: Tue, 23 Aug 2011 21:22:28 +0300

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache Wicket 1.4.x

Apache Wicket 1.3.x and 1.5-RCx are not affected

With multi window support application configuration and special query
parameters it
is possible to execute any kind of JavaScript on a site running with the
affected versions.

Either disable multi window support with
or upgrade to Apache Wicket 1.4.18 or 1.5-RC5.1.

This issue was discovered by Sven Krewitt of TÜV Rheinland i-sec GmbH.

Apache Wicket Team

  By Date           By Thread  

Current thread:
  • [CVE-2011-2712] Apache Wicket XSS vulnerability Martin Grigorov (Aug 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]