Cross-Site Scripting Vulnerability in Apache Wicket by The Apache Software Foundation
CVE-2012-3373

Currently unrated

Key Information:

Vendor

Apache
Status
Wicket
Vendor
CVE Published:
19 September 2012

What is CVE-2012-3373?

The vulnerability in Apache Wicket allows remote attackers to inject arbitrary web scripts or HTML into web applications. This occurs through vulnerable Ajax link URLs involving a %00 sequence, which can be exploited to execute malicious scripts in the context of users' sessions. This could lead to unauthorized actions and the disclosure of sensitive user information in affected instances of Apache Wicket.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/55445
vdb-entryx_refsource_BID
http://secunia.com/advisories/50555
third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/78321
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.