VYPR
Medium severity6.1NVD Advisory· Published Apr 12, 2016· Updated Jun 17, 2026

CVE-2015-5347

CVE-2015-5347

Description

Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Apache/Wicket2 versions
    cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apache:wicket:*:*:*:*:*:*:*:*range: >=1.5.0,<1.5.15
    • (no CPE)range: 1.5.x < 1.5.15, 6.x < 6.22.0, 7.x < 7.2.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.