CVE-2018-1325

moderate-risk

Published 2018-04-18

In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.

Do I need to act?

-

0.24% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Wicket-Jquery-Ui

Affected Vendors

Wicket-Jquery-Ui Project

References (2)

Mailing List https://markmail.org/message/6bxjyaolehhq7jrl

Mailing List https://markmail.org/message/6bxjyaolehhq7jrl

44

/ 100

moderate-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate