Apache Wicket has a Cross-site Scripting issue

GHSA-5x9h-93gp-chpj · CVE-2026-42509

Published May 6, 2026 · Modified May 11, 2026

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket.

This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0.

Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Ready to move

Free, no credit card | First findings in minutes