Vulnerabilities > Apache > Wicket > 6.0.0.beta2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-23937 | Information Exposure vulnerability in Apache Wicket A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. | 7.5 |
| 2020-08-11 | CVE-2020-11976 | Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. | 7.5 |
| 2017-09-15 | CVE-2014-7808 | Cryptographic Issues vulnerability in Apache Wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 7.5 |
| 2017-07-17 | CVE-2016-6793 | Deserialization of Untrusted Data vulnerability in Apache Wicket The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the permissions of DiskFileItem, and if running on a Java VM before 1.3.1, execute arbitrary code via a crafted serialized Java object. | 9.1 |
| 2016-04-12 | CVE-2015-7520 | Cross-site Scripting vulnerability in Apache Wicket Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | 6.1 |
| 2016-04-12 | CVE-2015-5347 | Cross-site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | 6.1 |