In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor.
[
{
"product": "Wicket jQuery UI",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "<= 6.28.0"
},
{
"status": "affected",
"version": "<= 7.9.1"
},
{
"status": "affected",
"version": "<= 8.0.0-M8"
}
]
}
]