CVE-2013-2055

medium Apache
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Score
1.6%
Exploitation probability in 30 days
Top 18% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None
Published: February 10, 2014 (4476 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

CWE

NVD-CWE-noinfo

Affected Products

apache wicket

References

🔗 osvdb.org 🔗 seclists.org 🔗 www.securityfocus.com 🔗 wicket.apache.org 🔗 wicket.apache.org