CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5347

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.017

EPSS Ranking 81.5%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2015-5347

Apache » Wicket » Version: 1.5.0

cpe:2.3:a:apache:wicket:1.5.0
Apache » Wicket » Version: 1.5.1

cpe:2.3:a:apache:wicket:1.5.1
Apache » Wicket » Version: 1.5.10

cpe:2.3:a:apache:wicket:1.5.10
Apache » Wicket » Version: 1.5.11

cpe:2.3:a:apache:wicket:1.5.11
Apache » Wicket » Version: 1.5.12

cpe:2.3:a:apache:wicket:1.5.12
Apache » Wicket » Version: 1.5.13

cpe:2.3:a:apache:wicket:1.5.13
Apache » Wicket » Version: 1.5.14

cpe:2.3:a:apache:wicket:1.5.14
Apache » Wicket » Version: 1.5.2

cpe:2.3:a:apache:wicket:1.5.2
Apache » Wicket » Version: 1.5.3

cpe:2.3:a:apache:wicket:1.5.3
Apache » Wicket » Version: 1.5.4

cpe:2.3:a:apache:wicket:1.5.4
Apache » Wicket » Version: 1.5.4.1

cpe:2.3:a:apache:wicket:1.5.4.1
Apache » Wicket » Version: 1.5.5

cpe:2.3:a:apache:wicket:1.5.5
Apache » Wicket » Version: 1.5.6

cpe:2.3:a:apache:wicket:1.5.6
Apache » Wicket » Version: 1.5.7

cpe:2.3:a:apache:wicket:1.5.7
Apache » Wicket » Version: 1.5.8

cpe:2.3:a:apache:wicket:1.5.8
Apache » Wicket » Version: 1.5.9

cpe:2.3:a:apache:wicket:1.5.9
Apache » Wicket » Version: 6.0.0

cpe:2.3:a:apache:wicket:6.0.0
Apache » Wicket » Version: 6.0.0-beta1

cpe:2.3:a:apache:wicket:6.0.0-beta1
Apache » Wicket » Version: 6.0.0-beta2

cpe:2.3:a:apache:wicket:6.0.0-beta2
Apache » Wicket » Version: 6.0.0-beta3

cpe:2.3:a:apache:wicket:6.0.0-beta3
Apache » Wicket » Version: 6.1.0

cpe:2.3:a:apache:wicket:6.1.0
Apache » Wicket » Version: 6.1.1

cpe:2.3:a:apache:wicket:6.1.1
Apache » Wicket » Version: 6.10.0

cpe:2.3:a:apache:wicket:6.10.0
Apache » Wicket » Version: 6.11.0

cpe:2.3:a:apache:wicket:6.11.0
Apache » Wicket » Version: 6.12.0

cpe:2.3:a:apache:wicket:6.12.0
Apache » Wicket » Version: 6.13.0

cpe:2.3:a:apache:wicket:6.13.0
Apache » Wicket » Version: 6.14.0

cpe:2.3:a:apache:wicket:6.14.0
Apache » Wicket » Version: 6.15.0

cpe:2.3:a:apache:wicket:6.15.0
Apache » Wicket » Version: 6.16.0

cpe:2.3:a:apache:wicket:6.16.0
Apache » Wicket » Version: 6.17.0

cpe:2.3:a:apache:wicket:6.17.0
Apache » Wicket » Version: 6.18.0

cpe:2.3:a:apache:wicket:6.18.0
Apache » Wicket » Version: 6.19.0

cpe:2.3:a:apache:wicket:6.19.0
Apache » Wicket » Version: 6.2.0

cpe:2.3:a:apache:wicket:6.2.0
Apache » Wicket » Version: 6.20.0

cpe:2.3:a:apache:wicket:6.20.0
Apache » Wicket » Version: 6.21.0

cpe:2.3:a:apache:wicket:6.21.0
Apache » Wicket » Version: 6.3.0

cpe:2.3:a:apache:wicket:6.3.0
Apache » Wicket » Version: 6.4.0

cpe:2.3:a:apache:wicket:6.4.0
Apache » Wicket » Version: 6.5.0

cpe:2.3:a:apache:wicket:6.5.0
Apache » Wicket » Version: 6.6.0

cpe:2.3:a:apache:wicket:6.6.0
Apache » Wicket » Version: 6.7.0

cpe:2.3:a:apache:wicket:6.7.0
Apache » Wicket » Version: 6.8.0

cpe:2.3:a:apache:wicket:6.8.0
Apache » Wicket » Version: 6.9.0

cpe:2.3:a:apache:wicket:6.9.0
Apache » Wicket » Version: 6.9.1

cpe:2.3:a:apache:wicket:6.9.1
Apache » Wicket » Version: 7.0

cpe:2.3:a:apache:wicket:7.0
Apache » Wicket » Version: 7.0.0

cpe:2.3:a:apache:wicket:7.0.0
Apache » Wicket » Version: 7.1.0

cpe:2.3:a:apache:wicket:7.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-5347

Products

Pricing

Contact Us