Cross-Site Scripting Vulnerability in Apache Wicket jQuery UI
CVE-2018-1325

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Wicket-jquery-ui
Vendor: CVE Published:; 18 April 2018

What is CVE-2018-1325?

In certain versions of Apache Wicket jQuery UI, a vulnerability exists whereby JavaScript code created in the WYSIWYG editor can be executed upon display. This flaw could allow an attacker to inject malicious code, potentially leading to unauthorized actions within the user’s session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wicket-jquery-ui wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1

References

https://markmail.org/message/6bxjyaolehhq7jrl

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 18, 2018
Vulnerability Reserved
Dec 7, 2017

JSON

Apache