lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 23 Aug 2011 21:22:28 +0300
From: Martin Grigorov <>
Subject: [CVE-2011-2712] Apache Wicket XSS vulnerability

Severity: Important

The Apache Software Foundation

Versions Affected:
Apache Wicket 1.4.x

Apache Wicket 1.3.x and 1.5-RCx are not affected

With multi window support application configuration and special query
parameters it
is possible to execute any kind of JavaScript on a site running with the
affected versions.

Either disable multi window support with
or upgrade to Apache Wicket 1.4.18 or 1.5-RC5.1.

This issue was discovered by Sven Krewitt of TÜV Rheinland i-sec GmbH.

Apache Wicket Team

Powered by blists - more mailing lists