<p>Severity: Important</p>

<p>Vendor:
The Apache Software Foundation</p>

<p>Versions Affected:
Apache Wicket 1.4.x</p>

<p>Apache Wicket 1.3.x and 1.5.x are not affected.</p>

<p>Description:
A Cross Site Scripting (XSS) attack is possible by manipulating the
value of the ‘wicket:pageMapName’ request parameter.</p>

<p>Mitigation:
Upgrade to <a href="http://wicket.apache.org/news/2012/03/12/wicket-1.4.20-released.html">Apache Wicket 1.4.20</a> or
<a href="http://wicket.apache.org/news/2012/03/12/wicket-1.5.5-released.html">Apache Wicket 1.5.5</a>.</p>

<p>Credit:
This issue was discovered by Jens Schenck and Stefan Schmidt.</p>