CVE-2012-3373
published 2012-09-19CVE-2012-3373: Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or…
medium4.3CVSS 3.1
AVNACMAuNCNIPAN
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |
| apache | wicket | — | — |