Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Wicket 1.5.x, 6.x and 7.x
Description:
It is possible for JavaScript statements to break out of a RadioGroup‘s and CheckBoxMultipleChoice’s “value” attribute of <input>
elements
This might pose a security threat if the written JavaScript contains user provided data.
Credit: This issue was reported by Canh Ngo!
Apache Wicket Team