Fluid Attacks Database

Description

Cross-site Scripting in wicket-jquery-ui In wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent	>=0 <6.29.1 \|\| >=7.0.0 <7.10.2 \|\| >=8.0.0-m1 <8.0.0-m9.2	6.29.1, 7.10.2, 8.0.0-m9.2

Aliases

1. CVE-2018-13252. NVD-2018-13253. OSV-2018-13254. GCVE-2018-1325

References

1. https://markmail.org/message/6bxjyaolehhq7jrl