Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- Apache Software Foundation / Apache Wicket8.0.0 – 8.17.0
- Apache Software Foundation / Apache Wicket9.0.0 – 9.22.0
- Apache Software Foundation / Apache Wicket10.0.0 – 10.8.0