CVE-2015-5347
Last modified
CVE-2015-5347 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.. EPSS estimates a 8.21% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Wicket | >= 1.5.0, < 1.5.15 |
| Apache | Wicket | >= 6.0.0, < 6.22.0 |
| Apache | Wicket | >= 7.0, < 7.2.0 |
References
- http://wicket.apache.org/news/2016/03/01/cve-2015-5347.htmlVendor Advisory
- http://www.securitytracker.com/id/1035165Third Party Advisory, VDB Entry
- https://issues.apache.org/jira/browse/WICKET-6037Exploit, Vendor Advisory
- http://wicket.apache.org/news/2016/03/01/cve-2015-5347.htmlVendor Advisory
- http://www.securitytracker.com/id/1035165Third Party Advisory, VDB Entry
- https://issues.apache.org/jira/browse/WICKET-6037Exploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-5347?
How severe is CVE-2015-5347?
How do I fix CVE-2015-5347?
Are you affected by CVE-2015-5347?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST