Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3373

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3373
Last Modified 21 Mar 2013 11:11:27
Published 19 Sep 2012 03:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3373

Summary

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.

Vulnerable Systems

Application

  • Apache Wicket 1.4.0

  • Apache Wicket 1.4.1

  • Apache Wicket 1.4.10

  • Apache Wicket 1.4.11

  • Apache Wicket 1.4.12

  • Apache Wicket 1.4.13

  • Apache Wicket 1.4.14

  • Apache Wicket 1.4.15

  • Apache Wicket 1.4.16

  • Apache Wicket 1.4.17

  • Apache Wicket 1.4.18

  • Apache Wicket 1.4.19

  • Apache Wicket 1.4.2

  • Apache Wicket 1.4.20

  • Apache Wicket 1.4.3

  • Apache Wicket 1.4.4

  • Apache Wicket 1.4.5

  • Apache Wicket 1.4.6

  • Apache Wicket 1.4.7

  • Apache Wicket 1.4.8

  • Apache Wicket 1.4.9

  • Apache Wicket 1.5.0

  • Apache Wicket 1.5.1

  • Apache Wicket 1.5.2

  • Apache Wicket 1.5.3

  • Apache Wicket 1.5.4

  • Apache Wicket 1.5.5

  • Apache Wicket 1.5.6

  • Apache Wicket 1.5.7


References

CONFIRM - http://wicket.apache.org/2012/09/06/cve-2012-3373.html

SECTRACK - 1027508

XF - apache-wicket-unspecified-xss(78321)

BID - 55445

SECUNIA - 50555

OSVDB - 85249


Last Updated: 27 May 2016 11:00:46