PT-2026-37383 · Apache · Apache Wicket
Published
2026-05-06
·
Updated
2026-05-06
·
CVE-2026-42509
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0.
Users are recommended to upgrade to version 10.9.0, which fixes the issue.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Wicket