Vulnerability Details CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e
- https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor
- http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e
- https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor
Products affected by CVE-2017-15719
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.2.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.2.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.2.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.3.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.3.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.4.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.4.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.4.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.5.10
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.5.11
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:1.5.16
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.0.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.1.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.1.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.10.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.11.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.12.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.13.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.13.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.14.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.15.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.16.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.17.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.18.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.18.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.19.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.19.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.19.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.19.3
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.2.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.2.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.2.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.20.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.20.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.20.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.20.3
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.21.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.21.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.21.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.22.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.22.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.22.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.23.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.24.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.25.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.25.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.26.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.27.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.28.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.28.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.29.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.29.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.7.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.8.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.8.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.9.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:6.9.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.0.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.0.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.0.2
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.1.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.2.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.2.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.3.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.3.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.4.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.5.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.6.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.7.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.8.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.9.0
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:7.9.1
-
cpe:2.3:a:wicket-jquery-ui_project:wicket-jquery-ui:8.0.0