Apache Wicket 1.4.x XSS Vulnerability with setAutomaticMultiWindowSupport

Apache Wicket 1.4.x XSS Vulnerability with setAutomaticMultiWindowSupport

CVE-2011-2712 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Learn more about our Cis Benchmark Audit For Apache Http Server.