CVE-2012-0047

Name of the Vulnerable Software and Affected Versions Apache Wicket versions 1.4.x through 1.4.19

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. This enables attackers to execute malicious scripts on the client-side.

Recommendations For Apache Wicket versions 1.4.x through 1.4.19, update to version 1.4.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the wicket:pageMapName parameter to minimize the risk of exploitation.