Cross-Site Scripting Vulnerabilities in Apache Wicket by The Apache Software Foundation
CVE-2015-7520

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 12 April 2016

What is CVE-2015-7520?

Multiple cross-site scripting (XSS) vulnerabilities exist in the RadioGroup and CheckBoxMultipleChoice classes of Apache Wicket. These flaws can be exploited by attackers to inject arbitrary web scripts or HTML content through maliciously crafted 'value' attributes within elements, potentially compromising user sessions and data integrity. Applications utilizing affected versions of Apache Wicket are at risk and should be updated to secure their environments.

References

http://www.securitytracker.com/id/1035166

vdb-entryx_refsource_SECTRACK

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2016
Vulnerability Reserved
Sep 29, 2015