1. Home
  2. CVE Database
  3. CVE-2017-15719
MEDIUM · 6.1

CVE-2017-15719

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to W...

Vulnerability Description

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Wicket-Jquery-Ui ProjectWicket-Jquery-Ui>= 6.0.0, <= 6.28.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2017-15719?

CVE-2017-15719 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to W...

How severe is CVE-2017-15719?

CVE-2017-15719 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15719?

Check the references section above for vendor advisories and patch information. Affected products include: Wicket-Jquery-Ui Project Wicket-Jquery-Ui.