CVE-2011-2712

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 29 August 2011

Summary

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

References

http://secunia.com/advisories/45727

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1025976

vdb-entryx_refsource_SECTRACK

http://securityreason.com/securityalert/8357

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Aug 29, 2011
Vulnerability Reserved
Jul 11, 2011