CVE-2011-2712

Description

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Affected products

• apache / wicket1.4.0 – 1.4.0
• apache / wicket1.4.1 – 1.4.1
• apache / wicket1.4.2 – 1.4.2
• apache / wicket1.4.3 – 1.4.3
• apache / wicket1.4.4 – 1.4.4
• apache / wicket1.4.5 – 1.4.5
• apache / wicket1.4.6 – 1.4.6
• apache / wicket1.4.7 – 1.4.7
• apache / wicket1.4.8 – 1.4.8
• apache / wicket1.4.9 – 1.4.9
• apache / wicket1.4.10 – 1.4.10
• apache / wicket1.4.11 – 1.4.11
• apache / wicket1.4.12 – 1.4.12
• apache / wicket1.4.13 – 1.4.13
• apache / wicket1.4.14 – 1.4.14
• apache / wicket1.4.15 – 1.4.15
• apache / wicket1.4.16 – 1.4.16
• apache / wicket1.4.17 – 1.4.17

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/45727
• MISChttp://www.securitytracker.com/id?1025976
• MISChttp://securityreason.com/securityalert/8357
• MISChttp://www.securityfocus.com/bid/49290
• MISChttp://wicket.apache.org/2011/08/23/cve-2011-2712.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/69394
• MISChttp://www.securityfocus.com/archive/1/519398/100/0/threaded