Vulnerabilities > Apache > Wicket > 7.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-25 | CVE-2021-23937 | Information Exposure vulnerability in Apache Wicket A DNS proxy and possible amplification attack vulnerability in WebClientInfo of Apache Wicket allows an attacker to trigger arbitrary DNS lookups from the server when the X-Forwarded-For header is not properly sanitized. | 7.5 |
| 2020-08-11 | CVE-2020-11976 | Files or Directories Accessible to External Parties vulnerability in Apache Fortress and Wicket By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. | 7.5 |
| 2017-10-03 | CVE-2016-6806 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Wicket Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. | 8.8 |
| 2016-04-12 | CVE-2015-7520 | Cross-site Scripting vulnerability in Apache Wicket Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element. | 6.1 |
| 2016-04-12 | CVE-2015-5347 | Cross-site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. | 6.1 |