Cross-Site Scripting Vulnerability in Apache Wicket by The Apache Software Foundation
CVE-2012-3373

Currently unrated

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 19 September 2012

Summary

The vulnerability in Apache Wicket allows remote attackers to inject arbitrary web scripts or HTML into web applications. This occurs through vulnerable Ajax link URLs involving a %00 sequence, which can be exploited to execute malicious scripts in the context of users' sessions. This could lead to unauthorized actions and the disclosure of sensitive user information in affected instances of Apache Wicket.

References

http://www.securityfocus.com/bid/55445

vdb-entryx_refsource_BID

http://secunia.com/advisories/50555

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/78321

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 19, 2012
Vulnerability Reserved
Jun 14, 2012