MidnightBSD

Advisories for wicket-jquery-ui_project

CVE-2017-15719 MEDIUM

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wicket-jquery-ui_project wicket-jquery-ui *
wicket-jquery-ui_project wicket-jquery-ui 7.9.0
wicket-jquery-ui_project wicket-jquery-ui 7.9.1
wicket-jquery-ui_project wicket-jquery-ui 8.0.0
wicket-jquery-ui_project wicket-jquery-ui 7.1.0
wicket-jquery-ui_project wicket-jquery-ui 7.4.0
wicket-jquery-ui_project wicket-jquery-ui 7.0.0
wicket-jquery-ui_project wicket-jquery-ui 7.5.0
wicket-jquery-ui_project wicket-jquery-ui 7.6.0
wicket-jquery-ui_project wicket-jquery-ui 7.3.0
wicket-jquery-ui_project wicket-jquery-ui 7.8.0
wicket-jquery-ui_project wicket-jquery-ui 7.2.0
wicket-jquery-ui_project wicket-jquery-ui 7.0.1
wicket-jquery-ui_project wicket-jquery-ui 7.2.1
wicket-jquery-ui_project wicket-jquery-ui 7.3.1
wicket-jquery-ui_project wicket-jquery-ui 7.7.0
wicket-jquery-ui_project wicket-jquery-ui 7.0.2
CVE-2018-1325 MEDIUM

In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wicket-jquery-ui_project wicket-jquery-ui 7.0.0
wicket-jquery-ui_project wicket-jquery-ui *
wicket-jquery-ui_project wicket-jquery-ui 8.0.0