CVE-2012-3373

EUVD-2012-3346
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
apachewicket
1.4.1
apachewicket
1.4.2
apachewicket
1.4.3
apachewicket
1.4.4
apachewicket
1.4.5
apachewicket
1.4.6
apachewicket
1.4.7
apachewicket
1.4.8
apachewicket
1.4.9
apachewicket
1.4.10
apachewicket
1.4.11
apachewicket
1.4.12
apachewicket
1.4.13
apachewicket
1.4.14
apachewicket
1.4.15
apachewicket
1.4.16
apachewicket
1.4.17
apachewicket
1.4.18
apachewicket
1.4.19
apachewicket
1.4.20
apachewicket
1.5.0
apachewicket
1.5.1
apachewicket
1.5.2
apachewicket
1.5.3
apachewicket
1.5.4
apachewicket
1.5.5
apachewicket
1.5.6
apachewicket
1.5.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/85249
http://secunia.com/advisories/50555
http://wicket.apache.org/2012/09/06/cve-2012-3373.html
http://www.securityfocus.com/bid/55445
http://www.securitytracker.com/id?1027508
https://exchange.xforce.ibmcloud.com/vulnerabilities/78321
http://osvdb.org/85249
http://secunia.com/advisories/50555
http://wicket.apache.org/2012/09/06/cve-2012-3373.html
http://www.securityfocus.com/bid/55445
http://www.securitytracker.com/id?1027508
https://exchange.xforce.ibmcloud.com/vulnerabilities/78321