Cross-Site Scripting Vulnerability in Apache Wicket by the Apache Software Foundation
CVE-2011-2712

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 29 August 2011

Summary

A cross-site scripting vulnerability exists within Apache Wicket 1.4.x prior to version 1.4.18, specifically when the setAutomaticMultiWindowSupport feature is enabled. This flaw permits remote attackers to execute arbitrary web scripts or HTML, exploiting unspecified parameters to gain unauthorized access to user sessions and potentially compromising sensitive information.

References

http://secunia.com/advisories/45727

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1025976

vdb-entryx_refsource_SECTRACK

http://securityreason.com/securityalert/8357

third-party-advisoryx_refsource_SREASON

Timeline

Vulnerability published
Aug 29, 2011
Vulnerability Reserved
Jul 11, 2011