In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wicket-jquery-ui_project | wicket-jquery-ui | * |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.9.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.9.1 |
| wicket-jquery-ui_project | wicket-jquery-ui | 8.0.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.1.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.4.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.0.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.5.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.6.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.3.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.8.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.2.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.0.1 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.2.1 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.3.1 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.7.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | 7.0.2 |
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| wicket-jquery-ui_project | wicket-jquery-ui | 7.0.0 |
| wicket-jquery-ui_project | wicket-jquery-ui | * |
| wicket-jquery-ui_project | wicket-jquery-ui | 8.0.0 |