In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent(Maven) | 0 | 6.28.1 | N/A |
| com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent(Maven) | 7.0.0 | 7.9.2 | N/A |
| com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent(Maven) | 8.0.0-M1 | 8.0.0-M8.1 | N/A |
CVSS Metrics
