CVE-2012-3373
Severity
4.3MEDIUM
EPSS
1.8%
top 17.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 19
Latest updateMay 17
Description
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9