CVE-2012-5636: XSS
First published: Mon Oct 30 2017(Updated: )
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Wicket | =1.4.0 | |
| Apache Wicket | =1.4.1 | |
| Apache Wicket | =1.4.2 | |
| Apache Wicket | =1.4.3 | |
| Apache Wicket | =1.4.4 | |
| Apache Wicket | =1.4.5 | |
| Apache Wicket | =1.4.6 | |
| Apache Wicket | =1.4.7 | |
| Apache Wicket | =1.4.8 | |
| Apache Wicket | =1.4.9 | |
| Apache Wicket | =1.4.10 | |
| Apache Wicket | =1.4.11 | |
| Apache Wicket | =1.4.12 | |
| Apache Wicket | =1.4.13 | |
| Apache Wicket | =1.4.14 | |
| Apache Wicket | =1.4.15 | |
| Apache Wicket | =1.4.16 | |
| Apache Wicket | =1.4.17 | |
| Apache Wicket | =1.4.18 | |
| Apache Wicket | =1.4.19 | |
| Apache Wicket | =1.4.20 | |
| Apache Wicket | =1.4.21 | |
| Apache Wicket | =1.5.0 | |
| Apache Wicket | =1.5.1 | |
| Apache Wicket | =1.5.2 | |
| Apache Wicket | =1.5.3 | |
| Apache Wicket | =1.5.4 | |
| Apache Wicket | =1.5.5 | |
| Apache Wicket | =1.5.6 | |
| Apache Wicket | =1.5.7 | |
| Apache Wicket | =1.5.8 | |
| Apache Wicket | =1.5.9 | |
| Apache Wicket | =6.0.0 | |
| Apache Wicket | =6.1.0 | |
| Apache Wicket | =6.1.1 | |
| Apache Wicket | =6.2.0 | |
| Apache Wicket | =6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5636?
CVE-2012-5636 is considered a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2012-5636?
To fix CVE-2012-5636, upgrade to Apache Wicket version 1.4.22, 1.5.10, or 6.4.0 or later.
What software versions are affected by CVE-2012-5636?
CVE-2012-5636 affects Apache Wicket versions 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0.
Is CVE-2012-5636 a remote attack vulnerability?
Yes, CVE-2012-5636 allows remote attackers to inject arbitrary web script or HTML.
What types of attacks can occur due to CVE-2012-5636?
CVE-2012-5636 can lead to cross-site scripting (XSS) attacks, where malicious scripts are executed in the context of a user's browser.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/apache
- canonical/apache wicket
- version/apache wicket/1.4.0
- version/apache wicket/1.4.1
- version/apache wicket/1.4.2
- version/apache wicket/1.4.3
- version/apache wicket/1.4.4
- version/apache wicket/1.4.5
- version/apache wicket/1.4.6
- version/apache wicket/1.4.7
- version/apache wicket/1.4.8
- version/apache wicket/1.4.9
- version/apache wicket/1.4.10
- version/apache wicket/1.4.11
- version/apache wicket/1.4.12
- version/apache wicket/1.4.13
- version/apache wicket/1.4.14
- version/apache wicket/1.4.15
- version/apache wicket/1.4.16
- version/apache wicket/1.4.17
- version/apache wicket/1.4.18
- version/apache wicket/1.4.19
- version/apache wicket/1.4.20
- version/apache wicket/1.4.21
- version/apache wicket/1.5.0
- version/apache wicket/1.5.1
- version/apache wicket/1.5.2
- version/apache wicket/1.5.3
- version/apache wicket/1.5.4
- version/apache wicket/1.5.5
- version/apache wicket/1.5.6
- version/apache wicket/1.5.7
- version/apache wicket/1.5.8
- version/apache wicket/1.5.9
- version/apache wicket/6.0.0
- version/apache wicket/6.1.0
- version/apache wicket/6.1.1
- version/apache wicket/6.2.0
- version/apache wicket/6.3.0