---
layout: post
title: CVE-2015-7520 Apache Wicket XSS vulnerability
---
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Wicket 1.5.x, 6.x and 7.x
Description:
It is possible for JavaScript statements to break out of the "value" attribute
of the `<input>` elements of a RadioGroup and a CheckBoxMultipleChoice.
This might pose a security threat if the written JavaScript contains user-provided data.
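
The attribute breakout described above, as an added example that is not part of the original advisory and is not Wicket's code or its fix. The class, its methods and the sample value are hypothetical and constructed for illustration; the sketch renders a radio `<input>` with and without attribute escaping and counts the attributes a parser would see.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class InputValueEscaping {

    // Escape characters that can end or alter a double-quoted attribute value.
    static String escapeAttribute(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Before: the choice value is concatenated into the markup as-is.
    static String renderUnescaped(String name, String value) {
        return "<input type=\"radio\" name=\"" + name + "\" value=\"" + value + "\"/>";
    }

    // After: name and value are escaped for a double-quoted attribute context.
    static String renderEscaped(String name, String value) {
        return "<input type=\"radio\" name=\"" + escapeAttribute(name)
                + "\" value=\"" + escapeAttribute(value) + "\"/>";
    }

    // Count name="..." pairs in the tag; an extra one means the value escaped its quotes.
    static int attributeCount(String tag) {
        Matcher m = Pattern.compile("\\s([a-zA-Z-]+)=\"[^\"]*\"").matcher(tag);
        int n = 0;
        while (m.find()) n++;
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample: a choice value containing a double quote.
        String value = "red\" data-injected=\"1";
        String before = renderUnescaped("color", value);
        String after = renderEscaped("color", value);
        System.out.println(before + " -> " + attributeCount(before) + " attributes");
        System.out.println(after + " -> " + attributeCount(after) + " attributes");
    }
}
```
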
## Application developers are advised to upgrade to:
* [Apache Wicket 1.5.15](/news/2016/02/19/wicket-1.5.15-released.html)
* [Apache Wicket 6.22.0](/news/2016/02/19/wicket-6.22.0-released.html)
* [Apache Wicket 7.2.0](/news/2016/01/20/wicket-7.2.0-released.html)
Credit:
This issue was reported by Canh Ngo!
Apache Wicket Team