CVE-2017-15719

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
wicket-jquery-ui_projectwicket-jquery-ui
6.0.0 ≤
𝑥
≤ 6.28.0
wicket-jquery-ui_projectwicket-jquery-ui
7.0.0
wicket-jquery-ui_projectwicket-jquery-ui
7.0.0:milestone3
wicket-jquery-ui_projectwicket-jquery-ui
7.0.0:milestone4
wicket-jquery-ui_projectwicket-jquery-ui
7.0.0:milestone5
wicket-jquery-ui_projectwicket-jquery-ui
7.0.0:milestone6
wicket-jquery-ui_projectwicket-jquery-ui
7.0.1
wicket-jquery-ui_projectwicket-jquery-ui
7.0.2
wicket-jquery-ui_projectwicket-jquery-ui
7.1.0
wicket-jquery-ui_projectwicket-jquery-ui
7.2.0
wicket-jquery-ui_projectwicket-jquery-ui
7.2.1
wicket-jquery-ui_projectwicket-jquery-ui
7.3.0
wicket-jquery-ui_projectwicket-jquery-ui
7.3.1
wicket-jquery-ui_projectwicket-jquery-ui
7.4.0
wicket-jquery-ui_projectwicket-jquery-ui
7.5.0
wicket-jquery-ui_projectwicket-jquery-ui
7.6.0
wicket-jquery-ui_projectwicket-jquery-ui
7.7.0
wicket-jquery-ui_projectwicket-jquery-ui
7.8.0
wicket-jquery-ui_projectwicket-jquery-ui
7.9.0
wicket-jquery-ui_projectwicket-jquery-ui
7.9.1
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone1
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone1.1
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone2
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone3
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone4
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone4.1
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone5
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone6
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone7
wicket-jquery-ui_projectwicket-jquery-ui
8.0.0:milestone8
wicket-jquery-ui_projectwicket-jquery-ui
𝑥
≤ 7.9.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e
https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor
http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e
https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor