Home page logo
/

bugtraq logo Bugtraq mailing list archives

[CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter
From: Martin Grigorov <mgrigorov () apache org>
Date: Thu, 22 Mar 2012 11:49:53 +0200

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Wicket 1.4.x

Apache Wicket 1.3.x and 1.5.x are not affected

Description:
A Cross Site Scripting (XSS) attack is possible by manipulating the
value of 'wicket:pageMapName'
request parameter.

Mitigation:
Upgrade to Apache Wicket 1.4.20 or 1.5.5.

Credit:
This issue was discovered by Jens Schenck.

Apache Wicket Team


  By Date           By Thread  

Current thread:
  • [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter Martin Grigorov (Mar 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault