CVE-2015-7520: XSS
First published: Tue Apr 12 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow remote attackers to inject arbitrary web script or HTML via a crafted "value" attribute in a <input> element.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Wicket | >=1.5.0<1.5.15 | |
| Apache Wicket | >=6.0.0<6.22.0 | |
| Apache Wicket | >=7.0.0<7.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7520?
CVE-2015-7520 is classified as a high severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2015-7520?
To fix CVE-2015-7520, upgrade Apache Wicket to version 1.5.15, 6.22.0, or 7.2.0 or later.
What types of attacks are possible with CVE-2015-7520?
CVE-2015-7520 allows remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web script or HTML.
Which versions of Apache Wicket are affected by CVE-2015-7520?
Apache Wicket versions 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 are impacted by CVE-2015-7520.
Is CVE-2015-7520 easy to exploit?
Yes, CVE-2015-7520 can be exploited easily if the vulnerable components are present in web applications.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/apache
- canonical/apache wicket
- version/apache wicket/1.5.0
- version/apache wicket/6.0.0
- version/apache wicket/7.0.0