Description
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
Affected products
- apache / wicket1.4.0 – 1.4.0
- apache / wicket1.4.1 – 1.4.1
- apache / wicket1.4.2 – 1.4.2
- apache / wicket1.4.3 – 1.4.3
- apache / wicket1.4.4 – 1.4.4
- apache / wicket1.4.5 – 1.4.5
- apache / wicket1.4.6 – 1.4.6
- apache / wicket1.4.7 – 1.4.7
- apache / wicket1.4.8 – 1.4.8
- apache / wicket1.4.9 – 1.4.9
- apache / wicket1.4.10 – 1.4.10
- apache / wicket1.4.11 – 1.4.11
- apache / wicket1.4.12 – 1.4.12
- apache / wicket1.4.13 – 1.4.13
- apache / wicket1.4.14 – 1.4.14
- apache / wicket1.4.15 – 1.4.15
- apache / wicket1.4.16 – 1.4.16
- apache / wicket1.4.17 – 1.4.17
- apache / wicket1.4.18 – 1.4.18
- apache / wicket1.4.19 – 1.4.19