GHSA-pwpc-hqq2-hx2x

Suggest an improvement
Source
https://github.com/advisories/GHSA-pwpc-hqq2-hx2x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pwpc-hqq2-hx2x/GHSA-pwpc-hqq2-hx2x.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pwpc-hqq2-hx2x
Aliases
Published
2022-05-14T00:58:28Z
Modified
2023-11-01T04:47:44.913349Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-site Scripting in wicket-jquery-ui
Details

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.

Database specific
{
    "nvd_published_at": "2018-03-12T13:29:00Z",
    "github_reviewed_at": "2022-11-03T19:08:08Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven / com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent

Package

Name
com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent
View open source insights on deps.dev
Purl
pkg:maven/com.googlecode.wicket-jquery-ui/wicket-jquery-ui-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.28.1

Affected versions

1.*

1.5.10
1.5.11

6.*

6.7.0
6.8.0
6.8.1
6.9.0
6.9.1
6.10.0
6.11.0
6.12.0
6.13.0
6.13.1
6.14.0
6.15.0
6.16.0
6.17.0
6.18.0
6.18.1
6.19.0
6.19.1
6.19.2
6.19.3
6.20.0
6.20.1
6.20.2
6.20.3
6.21.0
6.21.1
6.21.2
6.22.0
6.22.1
6.22.2
6.23.0
6.24.0
6.25.0
6.25.1
6.26.0
6.27.0
6.28.0

Maven / com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent

Package

Name
com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent
View open source insights on deps.dev
Purl
pkg:maven/com.googlecode.wicket-jquery-ui/wicket-jquery-ui-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.9.2

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.1.0
7.2.0
7.2.1
7.3.0
7.3.1
7.4.0
7.5.0
7.6.0
7.7.0
7.8.0
7.9.0
7.9.1

Maven / com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent

Package

Name
com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent
View open source insights on deps.dev
Purl
pkg:maven/com.googlecode.wicket-jquery-ui/wicket-jquery-ui-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0-M1
Fixed
8.0.0-M8.1

Affected versions

8.*

8.0.0-M1
8.0.0-M1.1
8.0.0-M2
8.0.0-M3
8.0.0-M4
8.0.0-M4.1
8.0.0-M5
8.0.0-M6
8.0.0-M7
8.0.0-M8