Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

INFO

Published Date :

2026-05-06T08:34:00.746Z

Last Modified :

2026-05-06T09:51:12.253Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-42509 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-42509.

URL Resource
https://lists.apache.org/thread/52nrq4tt07gxz4r6sj5gyocz5s6bprjp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System