CVE-2015-7520

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Wicket
Vendor: CVE Published:; 12 April 2016

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a element.

References

http://www.securitytracker.com/id/1035166

vdb-entryx_refsource_SECTRACK

http://wicket.apache.org/news/2016/03/02/cve-2015-7520.html

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 12, 2016
Vulnerability Reserved
Sep 29, 2015