Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2712

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2011-2712
Last Modified 05 Oct 2011 10:50:26
Published 29 Aug 2011 11:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-2712

Summary

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Vulnerable Systems

Application

  • Apache Wicket 1.4.0

  • Apache Wicket 1.4.1

  • Apache Wicket 1.4.10

  • Apache Wicket 1.4.11

  • Apache Wicket 1.4.12

  • Apache Wicket 1.4.13

  • Apache Wicket 1.4.14

  • Apache Wicket 1.4.15

  • Apache Wicket 1.4.16

  • Apache Wicket 1.4.17

  • Apache Wicket 1.4.2

  • Apache Wicket 1.4.3

  • Apache Wicket 1.4.4

  • Apache Wicket 1.4.5

  • Apache Wicket 1.4.6

  • Apache Wicket 1.4.7

  • Apache Wicket 1.4.8

  • Apache Wicket 1.4.9


References

XF - apache-wicket-multi-window-xss(69394)

SECTRACK - 1025976

BID - 49290

BUGTRAQ - 20110823 [CVE-2011-2712] Apache Wicket XSS vulnerability

CONFIRM - http://wicket.apache.org/2011/08/23/cve-2011-2712.html

SREASON - 8357

SECUNIA - 45727


Last Updated: 27 May 2016 10:57:05